7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fixes for BCC map input fields

Browse Source 
[Web] Allow to edit alias address
[Web] $_SESSION['return'] now contains arrays and allows multiple returned messages and log entries
[Web] Some language string changes
[Web] General SQL exception handler, remove all try catch handlers
[Web] Alias table now has an ID as primary key
[Web] Be more aggressive with localStorage cleaning
This commit is contained in:
André
2018-08-13 23:20:40 +02:00
parent d5e81b987b
commit a11cce6765
30 changed files with 2720 additions and 3529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

322
data/web/inc/functions.quarantine.inc.php
View File

@@ -14,7 +14,7 @@ function quarantine($_action, $_data = null) {
$ids = $_data['id'];
}
if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
@@ -23,59 +23,40 @@ function quarantine($_action, $_data = null) {
}
foreach ($ids as $id) {
if (!is_numeric($id)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
continue;
}
try {
$stmt = $pdo->prepare('SELECT `rcpt` FROM `quarantine` WHERE `id` = :id');
$stmt->execute(array(':id' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
try {
$stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
$stmt->execute(array(
':id' => $id
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
}
else {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
}
catch(PDOException $e) {
$_SESSION['return'] = array(
$stmt = $pdo->prepare('SELECT `rcpt` FROM `quarantine` WHERE `id` = :id');
$stmt->execute(array(':id' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin') {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
'msg' => 'access_denied'
);
continue;
}
else {
$stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
$stmt->execute(array(
':id' => $id
));
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('item_deleted', $id)
);
}
$_SESSION['return'] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('items_deleted', implode(', ', $ids))
);
break;
case 'edit':
if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
@@ -85,7 +66,7 @@ function quarantine($_action, $_data = null) {
// Edit settings
if ($_data['action'] == 'settings') {
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
@@ -101,14 +82,14 @@ function quarantine($_action, $_data = null) {
$redis->Set('Q_EXCLUDE_DOMAINS', json_encode($exclude_domains));
}
catch (RedisException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('redis_error', $e)
);
return false;
}
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'saved_settings'
@@ -125,31 +106,22 @@ function quarantine($_action, $_data = null) {
}
foreach ($ids as $id) {
if (!is_numeric($id)) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
continue;
}
try {
$stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
$stmt->execute(array(':id' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'access_denied'
);
return false;
}
}
catch(PDOException $e) {
$_SESSION['return'] = array(
$stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
$stmt->execute(array(':id' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
'msg' => 'access_denied'
);
continue;
}
$sender = (isset($row['sender'])) ? $row['sender'] : 'sender-unknown@rspamd';
try {
@@ -170,12 +142,12 @@ function quarantine($_action, $_data = null) {
$postfix = 'postfix';
}
else {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'warning',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('release_send_failed', 'Cannot determine Postfix host')
);
return false;
continue;
}
$mail->Host = $postfix;
$mail->Port = 590;
@@ -193,12 +165,12 @@ function quarantine($_action, $_data = null) {
}
catch (phpmailerException $e) {
unlink($msg_tmpf);
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'warning',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('release_send_failed', $e->errorMessage())
);
return false;
continue;
}
try {
$stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
@@ -207,63 +179,179 @@ function quarantine($_action, $_data = null) {
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
continue;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('item_released', $id)
);
}
}
elseif ($_data['action'] == 'learnspam') {
if (!is_array($_data['id'])) {
$ids = array();
$ids[] = $_data['id'];
}
else {
$ids = $_data['id'];
}
foreach ($ids as $id) {
if (!is_numeric($id)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
continue;
}
$stmt = $pdo->prepare('SELECT `msg`, `rcpt` FROM `quarantine` WHERE `id` = :id');
$stmt->execute(array(':id' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin') {
$_SESSION['return'][] = array(
'type' => 'danger',
'msg' => 'access_denied'
);
continue;
}
$curl = curl_init();
curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain'));
curl_setopt($curl, CURLOPT_URL,"http://rspamd/learnspam");
curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
$response = curl_exec($curl);
if (!curl_errno($curl)) {
$response = json_decode($response, true);
if (isset($response['error'])) {
if (stripos($response['error'], 'already learned') === false) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__),
'msg' => array('spam_learn_error', $response['error'])
);
continue;
}
}
curl_close($curl);
$curl = curl_init();
curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 11'));
curl_setopt($curl, CURLOPT_URL,"http://rspamd/fuzzyadd");
curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
$response = curl_exec($curl);
if (!curl_errno($curl)) {
$response = json_decode($response, true);
if (isset($response['error'])) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__),
'msg' => array('fuzzy_learn_error', $response['error'])
);
continue;
}
curl_close($curl);
try {
$stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
$stmt->execute(array(
':id' => $id
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
continue;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__),
'msg' => 'qlearn_spam'
);
continue;
}
else {
curl_close($curl);
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__),
'msg' => array('spam_learn_error', 'curl error ' . curl_errno($curl))
);
continue;
}
curl_close($curl);
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__),
'msg' => array('learn_spam_error', 'unknown')
);
continue;
}
else {
curl_close($curl);
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__),
'msg' => array('spam_learn_error', 'curl error ' . curl_errno($curl))
);
continue;
}
curl_close($curl);
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__),
'msg' => array('learn_spam_error', 'unknown')
);
continue;
}
$_SESSION['return'] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'items_released'
);
}
return true;
break;
case 'get':
try {
if ($_SESSION['mailcow_cc_role'] == "user") {
$stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` = :mbox');
$stmt->execute(array(':mbox' => $_SESSION['mailcow_cc_username']));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$q_meta[] = $row;
}
}
elseif ($_SESSION['mailcow_cc_role'] == "admin") {
$stmt = $pdo->query('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine`');
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$q_meta[] = $row;
}
}
else {
$domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
foreach ($domains as $domain) {
$stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` REGEXP :domain');
$stmt->execute(array(':domain' => '@' . $domain . '$'));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$q_meta[] = $row;
}
}
if ($_SESSION['mailcow_cc_role'] == "user") {
$stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` = :mbox');
$stmt->execute(array(':mbox' => $_SESSION['mailcow_cc_username']));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$q_meta[] = $row;
}
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
elseif ($_SESSION['mailcow_cc_role'] == "admin") {
$stmt = $pdo->query('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine`');
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$q_meta[] = $row;
}
}
else {
$domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
foreach ($domains as $domain) {
$stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` REGEXP :domain');
$stmt->execute(array(':domain' => '@' . $domain . '$'));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$q_meta[] = $row;
}
}
}
return $q_meta;
break;
case 'settings':
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
@@ -276,7 +364,7 @@ function quarantine($_action, $_data = null) {
$settings['retention_size'] = $redis->Get('Q_RETENTION_SIZE');
}
catch (RedisException $e) {
$_SESSION['return'] = array(
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('redis_error', $e)
@@ -289,21 +377,11 @@ function quarantine($_action, $_data = null) {
if (!is_numeric($_data) || empty($_data)) {
return false;
}
try {
$stmt = $pdo->prepare('SELECT `rcpt`, `symbols`, `msg`, `domain` FROM `quarantine` WHERE `id`= :id');
$stmt->execute(array(':id' => $_data));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
return $row;
}
return false;
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
$stmt = $pdo->prepare('SELECT `rcpt`, `symbols`, `msg`, `domain` FROM `quarantine` WHERE `id`= :id');
$stmt->execute(array(':id' => $_data));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
return $row;
}
return false;
break;