7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] fix malformed_username check

This commit is contained in:
FreddleSpl0it 2023-08-07 09:20:06 +02:00
parent 66af9b82c0
commit 8f6a655617
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
1 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
data/web/inc/functions.auth.inc.php
View File

@ -47,12 +47,14 @@ function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
function admin_login($user, $pass){ function admin_login($user, $pass){
global $pdo; global $pdo;
if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) { if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
$_SESSION['return'][] = array( if (!$is_internal){
'type' => 'danger', $_SESSION['return'][] = array(
'log' => array(__FUNCTION__, $user, '*'), 'type' => 'danger',
'msg' => 'malformed_username' 'log' => array(__FUNCTION__, $user, '*'),
); 'msg' => 'malformed_username'
);
}
return false; return false;
} }
@ -99,12 +101,14 @@ function admin_login($user, $pass){
function domainadmin_login($user, $pass){ function domainadmin_login($user, $pass){
global $pdo; global $pdo;
if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) { if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
$_SESSION['return'][] = array( if (!$is_internal){
'type' => 'danger', $_SESSION['return'][] = array(
'log' => array(__FUNCTION__, $user, '*'), 'type' => 'danger',
'msg' => 'malformed_username' 'log' => array(__FUNCTION__, $user, '*'),
); 'msg' => 'malformed_username'
);
}
return false; return false;
} }