7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fixes for BCC map input fields

Browse Source 
[Web] Allow to edit alias address
[Web] $_SESSION['return'] now contains arrays and allows multiple returned messages and log entries
[Web] Some language string changes
[Web] General SQL exception handler, remove all try catch handlers
[Web] Alias table now has an ID as primary key
[Web] Be more aggressive with localStorage cleaning
This commit is contained in:
André
2018-08-13 23:20:40 +02:00
parent d5e81b987b
commit a11cce6765
30 changed files with 2720 additions and 3529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

259
data/web/inc/functions.address_rewriting.inc.php
View File

@@ -8,7 +8,7 @@ function bcc($_action, $_data = null, $attr = null) {
switch ($_action) {
case 'add':
if (!isset($_SESSION['acl']['bcc_maps']) || $_SESSION['acl']['bcc_maps'] != "1" ) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
@@ -20,7 +20,7 @@ function bcc($_action, $_data = null, $attr = null) {
$active = intval($_data['active']);
$type = $_data['type'];
if ($type != 'sender' && $type != 'rcpt') {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'invalid_bcc_map_type'
@@ -28,7 +28,7 @@ function bcc($_action, $_data = null, $attr = null) {
return false;
}
if (empty($bcc_dest)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'bcc_empty'
@@ -37,7 +37,7 @@ function bcc($_action, $_data = null, $attr = null) {
}
if (is_valid_domain_name($local_dest)) {
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
@@ -49,7 +49,7 @@ function bcc($_action, $_data = null, $attr = null) {
}
elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) {
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
@@ -66,29 +66,21 @@ function bcc($_action, $_data = null, $attr = null) {
return false;
}
if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'bcc_must_be_email'
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `id` FROM `bcc_maps`
WHERE `local_dest` = :local_dest AND `type` = :type");
$stmt->execute(array(':local_dest' => $local_dest_sane, ':type' => $type));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$stmt = $pdo->prepare("SELECT `id` FROM `bcc_maps`
WHERE `local_dest` = :local_dest AND `type` = :type");
$stmt->execute(array(':local_dest' => $local_dest_sane, ':type' => $type));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('bcc_exists', htmlspecialchars($local_dest_sane), $type)
@@ -107,14 +99,14 @@ function bcc($_action, $_data = null, $attr = null) {
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'bcc_saved'
@@ -122,7 +114,7 @@ function bcc($_action, $_data = null, $attr = null) {
break;
case 'edit':
if (!isset($_SESSION['acl']['bcc_maps']) || $_SESSION['acl']['bcc_maps'] != "1" ) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
@@ -139,53 +131,45 @@ function bcc($_action, $_data = null, $attr = null) {
$type = (!empty($_data['type'])) ? $_data['type'] : $is_now['type'];
}
else {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
);
return false;
continue;
}
$active = intval($_data['active']);
if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'bcc_must_be_email'
'msg' => array('bcc_must_be_email', $bcc_dest)
);
return false;
continue;
}
if (empty($bcc_dest)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'bcc_empty'
'msg' => array('bcc_must_be_email', $bcc_dest)
);
return false;
continue;
}
try {
$stmt = $pdo->prepare("SELECT `id` FROM `bcc_maps`
WHERE `local_dest` = :local_dest AND `type` = :type");
$stmt->execute(array(':local_dest' => $local_dest, ':type' => $type));
$id_now = $stmt->fetch(PDO::FETCH_ASSOC)['id'];
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
if (isset($id_now) && $id_now != $id) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('bcc_exists', htmlspecialchars($local_dest), $type)
);
return false;
}
try {
if (isset($id_now) && $id_now != $id) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('bcc_exists', htmlspecialchars($local_dest), $type)
);
continue;
}
$stmt = $pdo->prepare("UPDATE `bcc_maps` SET `bcc_dest` = :bcc_dest, `active` = :active, `type` = :type WHERE `id`= :id");
$stmt->execute(array(
':bcc_dest' => $bcc_dest,
@@ -195,45 +179,37 @@ function bcc($_action, $_data = null, $attr = null) {
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
continue;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('bcc_edited', $bcc_dest)
);
}
$_SESSION['return'] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'bcc_edited'
);
break;
case 'details':
$bccdata = array();
$id = intval($_data);
try {
$stmt = $pdo->prepare("SELECT `id`,
`local_dest`,
`bcc_dest`,
`active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
`type`,
`created`,
`domain`,
`modified` FROM `bcc_maps`
WHERE `id` = :id");
$stmt->execute(array(':id' => $id));
$bccdata = $stmt->fetch(PDO::FETCH_ASSOC);
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$stmt = $pdo->prepare("SELECT `id`,
`local_dest`,
`bcc_dest`,
`active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
`type`,
`created`,
`domain`,
`modified` FROM `bcc_maps`
WHERE `id` = :id");
$stmt->execute(array(':id' => $id));
$bccdata = $stmt->fetch(PDO::FETCH_ASSOC);
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $bccdata['domain'])) {
$bccdata = null;
return false;
@@ -244,18 +220,10 @@ function bcc($_action, $_data = null, $attr = null) {
$bccdata = array();
$all_items = array();
$id = intval($_data);
try {
$stmt = $pdo->query("SELECT `id`, `domain` FROM `bcc_maps`");
$all_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$stmt = $pdo->query("SELECT `id`, `domain` FROM `bcc_maps`");
$all_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($all_items as $i) {
if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $i['domain'])) {
$bccdata[] = $i['id'];
@@ -275,31 +243,30 @@ function bcc($_action, $_data = null, $attr = null) {
$stmt->execute(array(':id' => $id));
$domain = $stmt->fetch(PDO::FETCH_ASSOC)['domain'];
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
);
return false;
continue;
}
$stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `id`= :id");
$stmt->execute(array(':id' => $id));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
continue;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('bcc_deleted', $id)
);
}
$_SESSION['return'] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('bcc_deleted', implode(', ', $ids))
);
return true;
break;
}
}
@@ -325,7 +292,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
$old_dest_sane = $old_dest;
}
else {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('invalid_recipient_map_old', htmlspecialchars($old_dest))
@@ -333,7 +300,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
return false;
}
if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('invalid_recipient_map_new', htmlspecialchars($new_dest))
@@ -345,7 +312,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
$old_dests_existing[] = recipient_map('details', $rmap)['recipient_map_old'];
}
if (in_array($old_dest_sane, $old_dests_existing)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('recipient_map_entry_exists', htmlspecialchars($old_dest))
@@ -362,14 +329,14 @@ function recipient_map($_action, $_data = null, $attr = null) {
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('recipient_map_entry_saved', htmlspecialchars($old_dest_sane))
@@ -388,12 +355,12 @@ function recipient_map($_action, $_data = null, $attr = null) {
}
}
else {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => 'access_denied'
);
return false;
continue;
}
if (is_valid_domain_name($old_dest)) {
$old_dest_sane = '@' . idn_to_ascii($old_dest);
@@ -402,21 +369,21 @@ function recipient_map($_action, $_data = null, $attr = null) {
$old_dest_sane = $old_dest;
}
else {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('invalid_recipient_map_old', htmlspecialchars($old_dest))
);
return false;
continue;
}
$active = intval($_data['active']);
if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('invalid_recipient_map_new', htmlspecialchars($new_dest))
);
return false;
continue;
}
$rmaps = recipient_map('get');
foreach ($rmaps as $rmap) {
@@ -424,12 +391,12 @@ function recipient_map($_action, $_data = null, $attr = null) {
}
if (in_array($old_dest_sane, $old_dests_existing) &&
recipient_map('details', $id)['recipient_map_old'] != $old_dest_sane) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('recipient_map_entry_exists', htmlspecialchars($old_dest_sane))
);
return false;
continue;
}
try {
$stmt = $pdo->prepare("UPDATE `recipient_maps` SET
@@ -445,61 +412,45 @@ function recipient_map($_action, $_data = null, $attr = null) {
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('recipient_map_entry_saved', htmlspecialchars($old_dest_sane))
);
}
$_SESSION['return'] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('recipient_map_entry_saved', htmlspecialchars($old_dest))
);
break;
case 'details':
$mapdata = array();
$id = intval($_data);
try {
$stmt = $pdo->prepare("SELECT `id`,
`old_dest` AS `recipient_map_old`,
`new_dest` AS `recipient_map_new`,
`active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
`created`,
`modified` FROM `recipient_maps`
WHERE `id` = :id");
$stmt->execute(array(':id' => $id));
$mapdata = $stmt->fetch(PDO::FETCH_ASSOC);
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$stmt = $pdo->prepare("SELECT `id`,
`old_dest` AS `recipient_map_old`,
`new_dest` AS `recipient_map_new`,
`active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
`created`,
`modified` FROM `recipient_maps`
WHERE `id` = :id");
$stmt->execute(array(':id' => $id));
$mapdata = $stmt->fetch(PDO::FETCH_ASSOC);
return $mapdata;
break;
case 'get':
$mapdata = array();
$all_items = array();
$id = intval($_data);
try {
$stmt = $pdo->query("SELECT `id` FROM `recipient_maps`");
$all_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
);
return false;
}
$stmt = $pdo->query("SELECT `id` FROM `recipient_maps`");
$all_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($all_items as $i) {
$mapdata[] = $i['id'];
}
@@ -517,7 +468,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
$stmt->execute(array(':id' => $id));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),
'msg' => array('mysql_error', $e)
@@ -525,7 +476,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
return false;
}
}
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'success',
'msg' => array('recipient_map_entry_deleted', htmlspecialchars($old_dest))
);