[Web] add validate mailbox name function
This commit is contained in:
parent
7bd27b920a
commit
8bbb3bf64f
@ -108,7 +108,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
|
||||
];
|
||||
}
|
||||
elseif (isset($_GET['mailbox'])){
|
||||
if(filter_var(html_entity_decode(rawurldecode($_GET["mailbox"])), FILTER_VALIDATE_EMAIL) && !empty($_GET["mailbox"])) {
|
||||
if(is_valid_mailbox_name(html_entity_decode(rawurldecode($_GET["mailbox"])))) {
|
||||
// edit mailbox
|
||||
$mailbox = html_entity_decode(rawurldecode($_GET["mailbox"]));
|
||||
$result = mailbox('get', 'mailbox_details', $mailbox);
|
||||
@ -146,7 +146,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
|
||||
$template = 'edit/transport.twig';
|
||||
$template_data = ['transport' => $transport];
|
||||
}
|
||||
elseif (isset($_GET['resource']) && filter_var(html_entity_decode(rawurldecode($_GET["resource"])), FILTER_VALIDATE_EMAIL) && !empty($_GET["resource"])) {
|
||||
elseif (isset($_GET['resource']) && is_valid_mailbox_name(html_entity_decode(rawurldecode($_GET["resource"])))) {
|
||||
$resource = html_entity_decode(rawurldecode($_GET["resource"]));
|
||||
$result = mailbox('get', 'resource_details', $resource);
|
||||
$template = 'edit/resource.twig';
|
||||
|
@ -22,7 +22,7 @@ function rrmdir($src) {
|
||||
function addAddresses(&$list, $mail, $headerName) {
|
||||
$addresses = $mail->getAddresses($headerName);
|
||||
foreach ($addresses as $address) {
|
||||
if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (is_valid_mailbox_name($address['address'])) {
|
||||
$list[] = array('address' => $address['address'], 'type' => $headerName);
|
||||
}
|
||||
}
|
||||
|
@ -9,13 +9,13 @@ error_reporting(0);
|
||||
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
|
||||
$transport_id = intval($_GET['transport_id']);
|
||||
$transport_type = $_GET['transport_type'];
|
||||
if (isset($_GET['mail_from']) && filter_var($_GET['mail_from'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_GET['mail_from']) && is_valid_mailbox_name($_GET['mail_from'])) {
|
||||
$mail_from = $_GET['mail_from'];
|
||||
}
|
||||
else {
|
||||
$mail_from = "relay@example.org";
|
||||
}
|
||||
if (isset($_GET['mail_rcpt']) && filter_var($_GET['mail_rcpt'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_GET['mail_rcpt']) && is_valid_mailbox_name($_GET['mail_rcpt'])) {
|
||||
$mail_rcpt = $_GET['mail_rcpt'];
|
||||
}
|
||||
else {
|
||||
|
@ -47,7 +47,7 @@ function bcc($_action, $_data = null, $_attr = null) {
|
||||
$domain = idn_to_ascii($local_dest, 0, INTL_IDNA_VARIANT_UTS46);
|
||||
$local_dest_sane = '@' . idn_to_ascii($local_dest, 0, INTL_IDNA_VARIANT_UTS46);
|
||||
}
|
||||
elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) {
|
||||
elseif (is_valid_mailbox_name($local_dest)) {
|
||||
$mailbox = mailbox('get', 'mailbox_details', $local_dest);
|
||||
$shared_aliases = mailbox('get', 'shared_aliases');
|
||||
$direct_aliases = mailbox('get', 'direct_aliases');
|
||||
@ -74,7 +74,7 @@ function bcc($_action, $_data = null, $_attr = null) {
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($bcc_dest)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
|
||||
@ -137,7 +137,7 @@ function bcc($_action, $_data = null, $_attr = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($bcc_dest)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
|
||||
@ -274,7 +274,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
|
||||
if (is_valid_domain_name($old_dest)) {
|
||||
$old_dest_sane = '@' . idn_to_ascii($old_dest, 0, INTL_IDNA_VARIANT_UTS46);
|
||||
}
|
||||
elseif (filter_var($old_dest, FILTER_VALIDATE_EMAIL)) {
|
||||
elseif (is_valid_mailbox_name($old_dest)) {
|
||||
$old_dest_sane = $old_dest;
|
||||
}
|
||||
else {
|
||||
@ -285,7 +285,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($new_dest)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
|
||||
@ -340,7 +340,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
|
||||
if (is_valid_domain_name($old_dest)) {
|
||||
$old_dest_sane = '@' . idn_to_ascii($old_dest, 0, INTL_IDNA_VARIANT_UTS46);
|
||||
}
|
||||
elseif (filter_var($old_dest, FILTER_VALIDATE_EMAIL)) {
|
||||
elseif (is_valid_mailbox_name($old_dest)) {
|
||||
$old_dest_sane = $old_dest;
|
||||
}
|
||||
else {
|
||||
@ -351,7 +351,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($new_dest)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
|
||||
|
@ -5,7 +5,7 @@ function app_passwd($_action, $_data = null) {
|
||||
$_data_log = $_data;
|
||||
!isset($_data_log['app_passwd']) ?: $_data_log['app_passwd'] = '*';
|
||||
!isset($_data_log['app_passwd2']) ?: $_data_log['app_passwd2'] = '*';
|
||||
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data['username']) && is_valid_mailbox_name($_data['username'])) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
|
@ -257,7 +257,7 @@ function last_login($action, $username, $sasl_limit_days = 7, $ui_offset = 1) {
|
||||
$sasl_limit_days = intval($sasl_limit_days);
|
||||
switch ($action) {
|
||||
case 'get':
|
||||
if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
if (is_valid_mailbox_name($username) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$stmt = $pdo->prepare('SELECT `real_rip`, MAX(`datetime`) as `datetime`, `service`, `app_password`, MAX(`app_passwd`.`name`) as `app_password_name` FROM `sasl_log`
|
||||
LEFT OUTER JOIN `app_passwd` on `sasl_log`.`app_password` = `app_passwd`.`id`
|
||||
WHERE `username` = :username
|
||||
@ -333,7 +333,7 @@ function last_login($action, $username, $sasl_limit_days = 7, $ui_offset = 1) {
|
||||
return array('ui' => $ui, 'sasl' => $sasl);
|
||||
break;
|
||||
case 'reset':
|
||||
if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
if (is_valid_mailbox_name($username) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$stmt = $pdo->prepare('DELETE FROM `sasl_log`
|
||||
WHERE `username` = :username');
|
||||
$stmt->execute(array(':username' => $username));
|
||||
@ -376,7 +376,7 @@ function sys_mail($_data) {
|
||||
$mass_text = $_data['mass_text'];
|
||||
$mass_html = $_data['mass_html'];
|
||||
$mass_subject = $_data['mass_subject'];
|
||||
if (!filter_var($mass_from, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($mass_from)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__),
|
||||
@ -538,7 +538,7 @@ function logger($_data = false) {
|
||||
}
|
||||
function hasDomainAccess($username, $role, $domain) {
|
||||
global $pdo;
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||
if (!is_valid_mailbox_name($username) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||
return false;
|
||||
}
|
||||
if (empty($domain) || !is_valid_domain_name($domain)) {
|
||||
@ -580,7 +580,7 @@ function hasMailboxObjectAccess($username, $role, $object) {
|
||||
if (empty($username) || empty($role) || empty($object)) {
|
||||
return false;
|
||||
}
|
||||
if (!filter_var(html_entity_decode(rawurldecode($username)), FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||
if (!is_valid_mailbox_name(html_entity_decode(rawurldecode($username))) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||
return false;
|
||||
}
|
||||
if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
|
||||
@ -603,7 +603,7 @@ function hasAliasObjectAccess($username, $role, $object) {
|
||||
if (empty($username) || empty($role) || empty($object)) {
|
||||
return false;
|
||||
}
|
||||
if (!filter_var(html_entity_decode(rawurldecode($username)), FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||
if (!is_valid_mailbox_name(html_entity_decode(rawurldecode($username))) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||
return false;
|
||||
}
|
||||
if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
|
||||
@ -816,7 +816,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
|
||||
global $redis;
|
||||
global $imap_server;
|
||||
|
||||
if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
|
||||
if (!is_valid_mailbox_name($user) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $user, '*'),
|
||||
@ -1080,7 +1080,7 @@ function edit_user_account($_data) {
|
||||
$username = $_SESSION['mailcow_cc_username'];
|
||||
$role = $_SESSION['mailcow_cc_role'];
|
||||
$password_old = $_data['user_old_pass'];
|
||||
if (filter_var($username, FILTER_VALIDATE_EMAIL === false) || $role != 'user') {
|
||||
if (!is_valid_mailbox_name($username) || $role != 'user') {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_data_log),
|
||||
@ -1132,7 +1132,7 @@ function user_get_alias_details($username) {
|
||||
if ($_SESSION['mailcow_cc_role'] == "user") {
|
||||
$username = $_SESSION['mailcow_cc_username'];
|
||||
}
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($username)) {
|
||||
return false;
|
||||
}
|
||||
if (!hasMailboxObjectAccess($username, $_SESSION['mailcow_cc_role'], $username)) {
|
||||
@ -1209,6 +1209,26 @@ function is_valid_domain_name($domain_name) {
|
||||
&& preg_match("/^.{1,253}$/", $domain_name)
|
||||
&& preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name));
|
||||
}
|
||||
function is_valid_mailbox_name($mailbox_name) {
|
||||
if (empty($mailbox_name)) {
|
||||
return false;
|
||||
}
|
||||
if (!filter_var($mailbox_name, FILTER_VALIDATE_EMAIL)) {
|
||||
return false;
|
||||
}
|
||||
if (preg_match('/\//', $mailbox_name)) {
|
||||
return false;
|
||||
}
|
||||
$mailbox_parts = explode('@', $mailbox_name);
|
||||
if (count($mailbox_parts) != 2){
|
||||
return false;
|
||||
}
|
||||
if ($mailbox_parts[0] == '' || $mailbox_parts[1] == '') {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
function set_tfa($_data) {
|
||||
global $pdo;
|
||||
global $yubi;
|
||||
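Review bot: `is_valid_mailbox_name` has no docblock, and the one rule that makes it stricter than the `filter_var(..., FILTER_VALIDATE_EMAIL)` calls it replaces throughout the diff — rejecting any `/` via `preg_match('/\//', ...)` — is left unexplained, as is the `explode('@')` count check that catches quoted local parts containing `@`. A header comment such as `// Stricter than FILTER_VALIDATE_EMAIL: rejects '/' anywhere in the name and quoted local parts that contain '@'` would record the intent; the reason for the `/` rule (presumably because mailbox names end up in paths — not visible here, confirm) belongs in the same comment. Because the helper is now also applied to external addresses (`addAddresses` header parsing, `sys_mail` sender, quarantine bcc/redirect/sender), RFC-valid addresses with a `/` are silently dropped or reported as invalid in those places, which is worth stating in the docblock or handling with a looser check for those callers. The two trailing checks can be one strict-comparison line, `if (count($mailbox_parts) !== 2 || $mailbox_parts[0] === '' || $mailbox_parts[1] === '') { return false; }`.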
|
@ -19,7 +19,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data['username']) && is_valid_mailbox_name($_data['username'])) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
@ -194,7 +194,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data['username']) && is_valid_mailbox_name($_data['username'])) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
@ -292,7 +292,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data['username']) && is_valid_mailbox_name($_data['username'])) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
@ -731,7 +731,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
unset($gotos[$i]);
|
||||
continue;
|
||||
}
|
||||
if (!filter_var($goto, FILTER_VALIDATE_EMAIL) === true) {
|
||||
if (!is_valid_mailbox_name($goto) === true) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -809,7 +809,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
|
||||
if ((!is_valid_mailbox_name($address) === true) && !empty($local_part)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -827,7 +827,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
}
|
||||
$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `public_comment`, `private_comment`, `goto`, `domain`, `sogo_visible`, `active`)
|
||||
VALUES (:address, :public_comment, :private_comment, :goto, :domain, :sogo_visible, :active)");
|
||||
if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) {
|
||||
if (!is_valid_mailbox_name($address) === true) {
|
||||
$stmt->execute(array(
|
||||
':address' => '@'.$domain,
|
||||
':public_comment' => $public_comment,
|
||||
@ -990,15 +990,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$local_part = strtolower(trim($_data['local_part']));
|
||||
$domain = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
|
||||
$username = $local_part . '@' . $domain;
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
'msg' => 'mailbox_invalid'
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (empty($_data['local_part'])) {
|
||||
if (!is_valid_mailbox_name($username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
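Review bot: Folding the removed `filter_var($username)` block and the removed `empty($_data['local_part'])` block into the single `if (!is_valid_mailbox_name($username))` check means an empty local part is now reported with whatever message the surviving block carries, not the one the `empty()` block used; the removed block shown here used `'msg' => 'mailbox_invalid'`, but the surviving block's message is outside the hunk, so confirm a missing local part still produces a meaningful hint. A comment on the surviving check, `// also rejects an empty local part: '@domain' fails is_valid_mailbox_name`, would make the merge of the two checks intentional for the next reader. The enclosing add-mailbox case starts and ends outside the hunk.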
@ -1300,7 +1292,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$kind = $_data['kind'];
|
||||
$multiple_bookings = intval($_data['multiple_bookings']);
|
||||
$active = intval($_data['active']);
|
||||
if (!filter_var($name, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($name)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -1666,7 +1658,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
if (!is_valid_mailbox_name($username) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -1720,7 +1712,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
if (!is_valid_mailbox_name($username) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -1779,7 +1771,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
if (!is_valid_mailbox_name($username) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -1950,7 +1942,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
if (!is_valid_mailbox_name($username) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -2373,7 +2365,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
|
||||
if ((!is_valid_mailbox_name($address) === true)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
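Review bot: The rewritten alias condition `if ((!is_valid_mailbox_name($address) === true))` drops the `&& !empty($local_part)` guard that the old line carried and that the parallel check in the earlier alias hunk (`@ -809`) keeps as `if ((!is_valid_mailbox_name($address) === true) && !empty($local_part))`. If `$address` can still be a catch-all of the form `@domain` at this point, as that guard suggests, `is_valid_mailbox_name` returns false for it and the edit is now rejected as invalid. Either restore the guard so both alias paths agree, or add a comment stating why catch-all addresses cannot reach this branch. The enclosing loop and case start outside the hunk, so I could not see how `$local_part` is derived here.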
@ -2443,7 +2435,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
if (empty($goto)) {
|
||||
continue;
|
||||
}
|
||||
if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($goto)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -2823,7 +2815,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$usernames = $_data['username'];
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -2916,7 +2908,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
if (substr($extra_acl, 0, 1) === "@") {
|
||||
$extra_acl = ltrim($extra_acl, '@');
|
||||
}
|
||||
if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
|
||||
if (!is_valid_mailbox_name($extra_acl) && !is_valid_domain_name($extra_acl)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -2926,7 +2918,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
continue;
|
||||
}
|
||||
$domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
|
||||
if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
|
||||
if (is_valid_mailbox_name($extra_acl)) {
|
||||
$extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
|
||||
if (in_array($extra_acl_domain, $domains)) {
|
||||
$_SESSION['return'][] = array(
|
||||
@ -2994,7 +2986,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
// Check items in POST array and skip invalid
|
||||
foreach ($sender_acl_domain_admin as $key => $val) {
|
||||
// Check for invalid domain or email format or not *
|
||||
if (!filter_var($val, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name(ltrim($val, '@')) && $val != '*') {
|
||||
if (!is_valid_mailbox_name($val) && !is_valid_domain_name(ltrim($val, '@')) && $val != '*') {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -3040,7 +3032,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
continue;
|
||||
}
|
||||
// Check if user has alias access (if object is email)
|
||||
if (filter_var($val, FILTER_VALIDATE_EMAIL)) {
|
||||
if (is_valid_mailbox_name($val)) {
|
||||
if (!hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $val)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
@ -3274,7 +3266,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$mailboxes = is_array($_data['mailboxes']) ? $_data['mailboxes'] : array($_data['mailboxes']);
|
||||
|
||||
foreach ($mailboxes as $mailbox) {
|
||||
if (!filter_var($mailbox, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($mailbox)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -3344,7 +3336,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
if (!filter_var($name, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($name)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -3417,7 +3409,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$_data["mbox_exclude"] = array($_data["mbox_exclude"]);
|
||||
}
|
||||
foreach ($_data["mbox_exclude"] as $mailbox) {
|
||||
if (!filter_var($mailbox, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($mailbox)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -3550,11 +3542,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$stmt->execute(array(':logged_in_as' => $_data));
|
||||
$address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
while ($address_row = array_shift($address_rows)) {
|
||||
if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
|
||||
if (is_valid_mailbox_name($address_row['send_as']) && !hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
|
||||
$data['sender_acl_addresses']['ro'][] = $address_row['send_as'];
|
||||
continue;
|
||||
}
|
||||
if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
|
||||
if (is_valid_mailbox_name($address_row['send_as']) && hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
|
||||
$data['sender_acl_addresses']['rw'][] = $address_row['send_as'];
|
||||
continue;
|
||||
}
|
||||
@ -3604,7 +3596,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
if (in_array($row['address'], $data['fixed_sender_aliases'])) {
|
||||
continue;
|
||||
}
|
||||
if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) {
|
||||
if (is_valid_mailbox_name($row['address']) && hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) {
|
||||
$data['sender_acl_addresses']['selectable'][] = $row['address'];
|
||||
}
|
||||
}
|
||||
@ -3664,7 +3656,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'tls_policy':
|
||||
$attrs = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3683,7 +3675,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'quarantine_notification':
|
||||
$attrs = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3699,7 +3691,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'quarantine_category':
|
||||
$attrs = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3715,7 +3707,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'filters':
|
||||
$filters = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3762,7 +3754,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'active_user_sieve':
|
||||
$filter_details = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3838,7 +3830,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'syncjobs':
|
||||
$syncjobdata = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3897,7 +3889,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
}
|
||||
curl_close($curl);
|
||||
$policydata = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3924,7 +3916,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'time_limited_aliases':
|
||||
$tladata = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -3946,7 +3938,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
break;
|
||||
case 'delimiter_action':
|
||||
$policydata = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
@ -4087,7 +4079,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$aliasdata['domain'] = $row['domain'];
|
||||
$aliasdata['goto'] = $row['goto'];
|
||||
$aliasdata['address'] = $row['address'];
|
||||
(!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? $aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0;
|
||||
(!is_valid_mailbox_name($aliasdata['address'])) ? $aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0;
|
||||
$aliasdata['active'] = $row['active'];
|
||||
$aliasdata['active_int'] = $row['active'];
|
||||
$aliasdata['sogo_visible'] = $row['sogo_visible'];
|
||||
@ -5118,7 +5110,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$usernames = $_data['username'];
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -5361,7 +5353,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$names = $_data['name'];
|
||||
}
|
||||
foreach ($names as $name) {
|
||||
if (!filter_var($name, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($name)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
@ -5478,7 +5470,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
|
||||
$wasModified = false;
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
|
@ -292,7 +292,7 @@ function policy($_action, $_scope, $_data = null) {
|
||||
return $rows;
|
||||
break;
|
||||
case 'mailbox':
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (isset($_data) && is_valid_mailbox_name($_data)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
|
@ -74,7 +74,7 @@ function pushover($_action, $_data = null) {
|
||||
if (empty($sender)) {
|
||||
continue;
|
||||
}
|
||||
if (!filter_var($sender, FILTER_VALIDATE_EMAIL) === true) {
|
||||
if (!is_valid_mailbox_name($sender) === true) {
|
||||
unset($senders[$i]);
|
||||
continue;
|
||||
}
|
||||
|
@ -308,19 +308,19 @@ function quarantine($_action, $_data = null) {
|
||||
}
|
||||
$max_age = intval($_data['max_age']);
|
||||
$subject = $_data['subject'];
|
||||
if (!filter_var($_data['bcc'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($_data['bcc'])) {
|
||||
$bcc = '';
|
||||
}
|
||||
else {
|
||||
$bcc = $_data['bcc'];
|
||||
}
|
||||
if (!filter_var($_data['redirect'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($_data['redirect'])) {
|
||||
$redirect = '';
|
||||
}
|
||||
else {
|
||||
$redirect = $_data['redirect'];
|
||||
}
|
||||
if (!filter_var($_data['sender'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (!is_valid_mailbox_name($_data['sender'])) {
|
||||
$sender = '';
|
||||
}
|
||||
else {
|
||||
|
@ -21,7 +21,7 @@ function quota_notification($_action, $_data = null) {
|
||||
}
|
||||
$subject = $_data['subject'];
|
||||
$sender = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $_data['sender']);
|
||||
if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
|
||||
if (is_valid_mailbox_name($sender) === false) {
|
||||
$sender = '';
|
||||
}
|
||||
$html = $_data['html_tmpl'];
|
||||
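Review bot: `is_valid_mailbox_name($sender) === false` only behaves as intended if the new function returns a strict bool; its definition is not in this view, and a null or 0 return would slip past the strict comparison and keep an invalid sender. The negation form `if (!is_valid_mailbox_name($sender)) {` is robust to either return convention and matches the other call sites in this commit. Note that the preg_replace on the line above strips every byte in 0x80-0xFF before validation, so the value being validated is not the submitted value for any non-ASCII input; a comment stating that this is a deliberate ASCII-only policy would help the next reader.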
@ -91,7 +91,7 @@ function quota_notification_bcc($_action, $_data = null) {
|
||||
$bcc_rcpts = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['bcc_rcpt']));
|
||||
foreach ($bcc_rcpts as $i => &$rcpt) {
|
||||
$rcpt = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $rcpt);
|
||||
if (!empty($rcpt) && filter_var($rcpt, FILTER_VALIDATE_EMAIL) === false) {
|
||||
if (is_valid_mailbox_name($rcpt) === false) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data_log),
|
||||
|
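Review bot: The `!empty($rcpt)` guard was dropped from the condition, so empty tokens now reach the validator; the preg_split on `/( |,|;|\n)/` two lines above produces an empty element for every adjacent pair of separators (for example the ", " in "a@b.c, d@e.f"), which previously was skipped and now either fails the whole save with a danger entry or, if the validator accepts an empty string, is stored as a recipient. Restoring the guard, `if (!empty($rcpt) && is_valid_mailbox_name($rcpt) === false) {`, keeps the old behaviour; dropping the `=== false` in favour of `!` would also avoid depending on a strict bool return from a function not visible here. The loop iterates by reference (`&$rcpt`) and closes outside the hunk; make sure an `unset($rcpt);` follows it so a later use of `$rcpt` cannot overwrite the last array element.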
@ -238,7 +238,7 @@ function transport($_action, $_data = null) {
|
||||
continue;
|
||||
}
|
||||
// ".domain" is a valid destination, "..domain" is not
|
||||
if ($is_mx_based == 0 && (empty($dest) || (is_valid_domain_name(preg_replace('/^' . preg_quote('.', '/') . '/', '', $dest)) === false && $dest != '*' && filter_var($dest, FILTER_VALIDATE_EMAIL) === false))) {
|
||||
if ($is_mx_based == 0 && (empty($dest) || (is_valid_domain_name(preg_replace('/^' . preg_quote('.', '/') . '/', '', $dest)) === false && $dest != '*' && is_valid_mailbox_name($dest) === false))) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data_log),
|
||||
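Review bot: The destination check on the new line is a single long condition that is duplicated verbatim (with `$destination` instead of `$dest`) in the hunk at line 362 of transport(), so the two copies can drift the next time the rule changes. Extracting a small helper that returns true when the value is `'*'`, a valid domain name after one leading dot is stripped, or a valid mailbox name would reduce both sites to `if ($is_mx_based == 0 && !is_valid_transport_destination($dest)) {`. The comment `// ".domain" is a valid destination, "..domain" is not` should move with the helper, since it explains why only one dot is removed. Both enclosing loops begin and end outside their hunks.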
@ -362,7 +362,7 @@ function transport($_action, $_data = null) {
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($is_mx_based == 0 && (empty($destination) || (is_valid_domain_name(preg_replace('/^' . preg_quote('.', '/') . '/', '', $destination)) === false && $destination != '*' && filter_var($destination, FILTER_VALIDATE_EMAIL) === false))) {
|
||||
if ($is_mx_based == 0 && (empty($destination) || (is_valid_domain_name(preg_replace('/^' . preg_quote('.', '/') . '/', '', $destination)) === false && $destination != '*' && is_valid_mailbox_name($destination) === false))) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data_log),
|
||||
|
@ -83,7 +83,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
|
||||
if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {
|
||||
if (isset($_GET["duallogin"])) {
|
||||
$duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
|
||||
if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
|
||||
if (is_valid_mailbox_name($duallogin)) {
|
||||
if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
|
||||
$_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
|
||||
$_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];
|
||||
|
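Review bot: The dual-login path now admits whatever `is_valid_mailbox_name()` accepts instead of FILTER_VALIDATE_EMAIL, and since that function's grammar is not visible in this diff, the effective bound on `$duallogin` is the `!empty(mailbox('get', 'mailbox_details', $duallogin))` existence check on the next line. A comment making that dependency explicit would help, e.g. `// syntactic check only; the mailbox_details lookup below confirms the target exists`. The ACL test on the first context line uses a loose `== "1"`; `=== "1"` would be the stricter form, though that line is unchanged by this commit. The enclosing if blocks close outside the hunk.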
@ -45,7 +45,7 @@ elseif (isset($_GET['login'])) {
|
||||
$login = html_entity_decode(rawurldecode($_GET["login"]));
|
||||
if (isset($_SESSION['mailcow_cc_role']) &&
|
||||
(($_SESSION['acl']['login_as'] == "1" && $ALLOW_ADMIN_EMAIL_LOGIN !== 0) || ($is_dual === false && $login == $_SESSION['mailcow_cc_username']))) {
|
||||
if (filter_var($login, FILTER_VALIDATE_EMAIL)) {
|
||||
if (is_valid_mailbox_name($login)) {
|
||||
if (user_get_alias_details($login) !== false) {
|
||||
// load master password
|
||||
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
|
||||
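Review bot: `$login == $_SESSION['mailcow_cc_username']` on the context line above the changed check is a loose comparison; `===` is the safer form on a value that was just decoded from `$_GET`, and the change is one token. The new validator is a syntax check whose accepted grammar is not visible here, so `user_get_alias_details($login) !== false` on the following line is what confirms the login target exists; a comment such as `// alias lookup is the existence check, is_valid_mailbox_name() is syntax only` would document that. The enclosing elseif branch continues outside the hunk.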
@ -71,6 +71,7 @@ elseif (isset($_GET['login'])) {
|
||||
}
|
||||
// only check for admin-login on sogo GUI requests
|
||||
elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9), "/SOGo/so/") === 0) {
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
|
||||
// this is an nginx auth_request call, we check for existing sogo-sso session variables
|
||||
session_start();
|
||||
// extract email address from "/SOGo/so/user@domain/xy"
|
||||
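Review bot: The added `require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';` has no comment explaining why it appears in the nginx auth_request branch; presumably it is there because `is_valid_mailbox_name()` is now called later in this branch, so `// provides is_valid_mailbox_name() used in the allow-list check below` would record that. It is placed before `session_start()`, which is fine as long as functions.inc.php neither emits output nor starts a session itself; that cannot be confirmed from this view. The branch continues outside the hunk.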
@ -83,8 +84,7 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
|
||||
foreach($email_list as $email) {
|
||||
// check if this email is in session allowed list
|
||||
if (
|
||||
!empty($email) &&
|
||||
filter_var($email, FILTER_VALIDATE_EMAIL) &&
|
||||
is_valid_mailbox_name($email) &&
|
||||
is_array($_SESSION[$session_var_user_allowed]) &&
|
||||
in_array($email, $_SESSION[$session_var_user_allowed])
|
||||
) {
|
||||
|
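Review bot: `in_array($email, $_SESSION[$session_var_user_allowed])` on the last condition line is a loose comparison, and since this is the allow-list membership test in the nginx auth_request path it should be `in_array($email, $_SESSION[$session_var_user_allowed], true)`. The preceding `!empty($email) && is_valid_mailbox_name($email)` checks are syntactic only, so the strict in_array is the one that actually decides whether the request is allowed; a comment such as `// allow-list membership is the decisive check; the validator only filters malformed input` would make that ordering clear. The foreach and the if body continue outside the hunk.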