There is a workaround (sortof).
OTRS has a little-advertised MIME-Viewer configuration but doesn't suggest one for images.
So here's an option (it'll open the image in a new tab if you click the little icon beside the image... it looks like a monitor):
Config.pm:
Code: Select all
$Self->{'MIME-Viewer'}->{'image/jpeg'} = 'perl /opt/otrs/var/httpd/htdocs/js/thirdparty/iw/iw.pl';
Code: Select all
use strict;
use warnings;
use MIME::Base64;
my $filename = $ARGV[0];
open (IMAGE, $filename) or die "$1";
my $base64 = do { local $/ = undef; <IMAGE>; };
my $encoded = encode_base64( $base64 );
close IMAGE;
print <<"END";
<html>
<body>
<img src="data:image/jpeg;base64,$encoded" />
</body>
</html>
END
1;
image/gif
image/jpeg
image/png
If you make a Config.pm MIME-Viewer entry, you can choose to either pass the MIME type as an option or just repeat iw.pl for each MIME type.
There's probably some sort of limit, performance issue, etc. for extremely large images, but I'd leave that as an exercise for you to limit. Also, there's no real parsing of this code for invalid input. If a wanna be jpg imposter submits an invalid jpg, note that the binary file is directly encoded with base64 and this base64 is immediately used in the img tag (it's "real" base64). The base64 vulnerabilities for injection are limited to corrupting the image on its own page. (As far as I have been able to determine. If you find otherwise, please don't blame me. But tell me. And tell me how you'd make this safer.)
OTRS 3.2 and below for Lightbox 2.5 follows.
This is not your average howto. It's not that hard, you probably don't care, but play along and you might like it.
"What does it do?"
If you click on an image attachment, it'll do a fancy popover thing...
So, here goes. ...
1) get lightbox from here http://lokeshdhakar.com/projects/lightbox2/
2) extract it somewhere... could be anywhere, but let's put it in
otrs/var/httpd/htdocs/js/thirdparty/lightbox
3) edit a few files
lightbox/css/lightbox.css
Code: Select all
/* line 81, ../sass/lightbox.sass */
.lb-prev:hover {
background: url(/otrs-web/js/thirdparty/lightbox/images/prev.png) left 48% no-repeat;
}
/* line 85, ../sass/lightbox.sass */
.lb-next:hover {
background: url(/otrs-web/js/thirdparty/lightbox/images/next.png) right 48% no-repeat;
}
Code: Select all
function LightboxOptions() {
this.fileLoadingImage = '/otrs-web/js/thirdparty/lightbox/images/loading.gif';
this.fileCloseImage = '/otrs-web/js/thirdparty/lightbox/images/close.png';
Code: Select all
<script src ="$Config{"Frontend::WebPath"}js/thirdparty/lightbox/js/jquery-1.7.2.min.js"></script>
<script src ="$Config{"Frontend::WebPath"}js/thirdparty/lightbox/js/lightbox.js"></script>
<link href="$Config{"Frontend::WebPath"}js/thirdparty/lightbox/css/lightbox.css" rel="stylesheet" />
Code: Select all
my $EncodedFilename = $Self->{LayoutObject}->LinkEncode( $Param{File}->{Filename} || '' );
my $rel = '';
if (lc $EncodedFilename =~ /\.(tif|jpg|png|gif|jpeg|tiff)$/i) {
$rel = '" rel="lightbox';
}
return (
%{ $Param{File} },
Action => 'Download',
Link =>
"\$Env{\"CGIHandle\"}/$EncodedFilename?Action=AgentTicketAttachment;ArticleID=$Param{Article}->{ArticleID};FileID=$Param{File}->{FileID}" . $rel,
brief modification: removed " at end of $rel because it would cause errors.
edit: changed search to be case insensitive. (/i)