Swiftmail Private Images

About This Module

Swiftmailer includes some default handling for embedding private files in email, but that will not always work correctly.

Potential problems with private file handling include:

• Core by default turns all image links to absolute image links in email. But those links won't work if they link to images not accessible to anonymous users. This is the case for private images, unless the user is currently logged into the source site.
• Cron always runs as an anonymous user who can't access private images. So processes that work when sending email real-time may not when mail is sent by a cron task.
• Swiftmailer includes options to to prefix images paths with 'image:' or 'cid:'. Swiftmailer then replaces those paths and attaches the images to the email. But that image handling won't work if the email is queued to be generated by cron and contains private images, Swiftmailer will get "access denied" messages.
• The process of adding a cid that points to an attached file won't work in all email clients. A more general solution is to base_64 encode the image and embed it directly into the message text.
• The email recipient may have different permissions to access private images than either the sender or the anonymous user. When a message includes private images, the message should be generated as if by the recipient's user account to ensure it only contains images they have access to.

This solution is to scan for private image links and replace them with the actual image contents, after switching to the recipient account to gain access to the correct files.

The only reliable way to retrieve file contents for private images is with the Drupal uri, the url won't work. So we also need to reverse engineer any html url back into its Drupal uri before retrieving the image and embedding it into the email.

Using this code

If this module is installed, it will automatically examine the text of all Swiftmailer messages looking for embedded private images. When doing this, even during cron, the system will temporarily switch to the user the mail is addressed to, to invoke that person's permissions and allow the use of images they have access to.

If Drupal managed private images are found, the absolute link will be removed from the text and the image itself will be embedded into the email instead.

The end user will need to decide if it's safe to send private files over email, and to add encryption or other protection to the messages. Those tasks are outside the scope of this module.