Index: program/steps/settings/save_identity.inc
===================================================================
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -80,6 +80,9 @@
 }
 
-// XSS protection in HTML signature (#1489251)
 if (!empty($save_data['signature']) && !empty($save_data['html_signature'])) {
+    // replace uploaded images with data URIs
+    $save_data['signature'] = rcmail_attach_images($save_data['signature']);
+
+    // XSS protection in HTML signature (#1489251)
     $save_data['signature'] = rcmail_wash_html($save_data['signature']);
 
@@ -190,4 +193,33 @@
 }
 
+
+/**
+ * Attach uploaded images into signature as data URIs
+ */
+function rcmail_attach_images($html)
+{
+    global $RCMAIL;
+
+    $offset = 0;
+    $regexp = '/\s(poster|src)\s*=\s*[\'"]*\S+upload-display\S+file=rcmfile([0-9]+)[\s\'"]*/';
+
+    while (preg_match($regexp, $html, $matches, 0, $offset)) {
+        $file_id  = $matches[2];
+        $data_uri = ' ';
+
+        if ($file_id && ($file = $_SESSION['identity']['files'][$file_id])) {
+            $file = $RCMAIL->plugins->exec_hook('attachment_get', $file);
+
+            $data_uri .= 'src="data:' . $file['mimetype'] . ';base64,';
+            $data_uri .= base64_encode($file['data'] ? $file['data'] : file_get_contents($file['path']));
+            $data_uri .= '" ';
+        }
+
+        $html    = str_replace($matches[0], $data_uri, $html);
+        $offset += strlen($data_uri) - strlen($matches[0]) + 1;
+    }
+
+    return $html;
+}
 
 /**