7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fix BCC validation for aliases

Browse Source
This commit is contained in:
andryyy
2021-06-05 08:40:55 +02:00
parent 51b32bc4c0
commit 7050d7c259
3 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
data/web/inc/functions.address_rewriting.inc.php
View File

@@ -48,7 +48,8 @@ function bcc($_action, $_data = null, $attr = null) {
$local_dest_sane = '@' . idn_to_ascii($local_dest, 0, INTL_IDNA_VARIANT_UTS46);
}
elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) {
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) {
$mailbox = mailbox('get', 'mailbox_details', $local_dest);
if ($mailbox === false && array_key_exists($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
@@ -56,10 +57,16 @@ function bcc($_action, $_data = null, $attr = null) {
);
return false;
}
$domain = mailbox('get', 'mailbox_details', $local_dest)['domain'];
if (empty($domain)) {
return false;
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest) &&
!hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
);
return false;
}
$domain = idn_to_ascii(substr(strstr($local_dest, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
$local_dest_sane = $local_dest;
}
else {