[Web] Add smtp and header from to quarantine items, add more info to qhandler, allow to open qhandler links from qitem details
@@ -2,9 +2,6 @@
|
||||
session_start();
|
||||
header("Content-Type: application/json");
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
|
||||
if (!isset($_SESSION['mailcow_cc_role'])) {
|
||||
exit();
|
||||
}
|
||||
|
||||
function rrmdir($src) {
|
||||
$dir = opendir($src);
|
||||
@@ -22,6 +19,7 @@ function rrmdir($src) {
|
||||
closedir($dir);
|
||||
rmdir($src);
|
||||
}
|
||||
|
||||
function addAddresses(&$list, $mail, $headerName) {
|
||||
$addresses = $mail->getAddresses($headerName);
|
||||
foreach ($addresses as $address) {
|
||||
@@ -29,7 +27,49 @@ function addAddresses(&$list, $mail, $headerName) {
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
|
||||
if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) {
|
||||
$mailc = quarantine('hash_details', $_GET['hash']);
|
||||
if ($mailc === false) {
|
||||
echo json_encode(array('error' => 'Message invalid'));
|
||||
exit;
|
||||
}
|
||||
if (strlen($mailc['msg']) > 10485760) {
|
||||
echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
|
||||
exit;
|
||||
}
|
||||
if (!empty($mailc['msg'])) {
|
||||
// Init message array
|
||||
$data = array();
|
||||
// Init parser
|
||||
$mail_parser = new PhpMimeMailParser\Parser();
|
||||
$html2text = new Html2Text\Html2Text();
|
||||
// Load msg to parser
|
||||
$mail_parser->setText($mailc['msg']);
|
||||
// Get mail recipients
|
||||
{
|
||||
$recipientsList = array();
|
||||
addAddresses($recipientsList, $mail_parser, 'to');
|
||||
addAddresses($recipientsList, $mail_parser, 'cc');
|
||||
addAddresses($recipientsList, $mail_parser, 'bcc');
|
||||
$data['recipients'] = $recipientsList;
|
||||
}
|
||||
// Get from
|
||||
$data['header_from'] = $mail_parser->getHeader('from');
|
||||
$data['env_from'] = $mailc['sender'];
|
||||
// Get rspamd score
|
||||
$data['score'] = $mailc['score'];
|
||||
// Get rspamd symbols
|
||||
$data['symbols'] = json_decode($mailc['symbols']);
|
||||
$data['subject'] = $mail_parser->getHeader('subject');
|
||||
(empty($data['subject'])) ? $data['subject'] = '-' : null;
|
||||
echo json_encode($data);
|
||||
}
|
||||
}
|
||||
elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
|
||||
if (!isset($_SESSION['mailcow_cc_role'])) {
|
||||
echo json_encode(array('error' => 'Access denied'));
|
||||
exit();
|
||||
}
|
||||
$tmpdir = '/tmp/' . $_GET['id'] . '/';
|
||||
$mailc = quarantine('details', $_GET['id']);
|
||||
if (strlen($mailc['msg']) > 10485760) {
|
||||
@@ -37,6 +77,16 @@ if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
|
||||
exit;
|
||||
}
|
||||
if (!empty($mailc['msg'])) {
|
||||
if (isset($_GET['quick_release'])) {
|
||||
$hash = hash('sha256', $mailc['id'] . $mailc['qid']);
|
||||
header('Location: /qhandler/release/' . $hash);
|
||||
exit;
|
||||
}
|
||||
if (isset($_GET['quick_delete'])) {
|
||||
$hash = hash('sha256', $mailc['id'] . $mailc['qid']);
|
||||
header('Location: /qhandler/delete/' . $hash);
|
||||
exit;
|
||||
}
|
||||
// Init message array
|
||||
$data = array();
|
||||
// Init parser
|
||||
@@ -53,7 +103,9 @@ if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
|
||||
addAddresses($recipientsList, $mail_parser, 'bcc');
|
||||
$data['recipients'] = $recipientsList;
|
||||
}
|
||||
|
||||
// Get from
|
||||
$data['header_from'] = $mail_parser->getHeader('from');
|
||||
$data['env_from'] = $mailc['sender'];
|
||||
// Get rspamd score
|
||||
$data['score'] = $mailc['score'];
|
||||
// Get rspamd symbols
|
||||
|
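Review bot: The `quick_release` and `quick_delete` branches added in the `-37,6 +77,16` hunk let a plain GET on this JSON endpoint redirect a logged-in user to `/qhandler/release/<hash>` or `/qhandler/delete/<hash>`, selected only by the `id` query parameter. Whether qhandler asks for confirmation before acting is not visible on this page; if it acts on the first request, following a link would be enough to release or delete an item the user can access. These two branches should either require a POST carrying an anti-CSRF token, or qhandler should keep an explicit confirmation step. Both branches also repeat `hash('sha256', $mailc['id'] . $mailc['qid'])`; a small helper would keep the token derivation in one place next to the SHA2(CONCAT(id, qid), 256) lookup in `quarantine()`. The enclosing `if`/`elseif` block starts and ends outside this hunk.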
@@ -16,7 +16,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => 'access_denied'
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
$stmt = $pdo->prepare('SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl`.`username` = `rcpt`
|
||||
WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash
|
||||
@@ -32,7 +32,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => 'access_denied'
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
$stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE id = :id");
|
||||
@@ -59,7 +59,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => 'access_denied'
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
$stmt = $pdo->prepare('SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl`.`username` = `rcpt`
|
||||
WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash
|
||||
@@ -75,7 +75,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => 'access_denied'
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
$stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
|
||||
@@ -96,7 +96,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => array('release_send_failed', 'Cannot determine Postfix host')
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
$release_format = $redis->Get('Q_RELEASE_FORMAT');
|
||||
@@ -109,7 +109,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => array('redis_error', $e)
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
if ($release_format == 'attachment') {
|
||||
try {
|
||||
@@ -137,7 +137,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => array('release_send_failed', 'Cannot determine Postfix host')
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
$mail->Host = $postfix;
|
||||
$mail->Port = 590;
|
||||
@@ -162,7 +162,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => array('release_send_failed', $e->errorMessage())
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
elseif ($release_format == 'raw') {
|
||||
@@ -199,7 +199,7 @@ function quarantine($_action, $_data = null) {
|
||||
'msg' => 'Postfix returned SMTP code ' . $smtp_resource . ', expected ' . $postfix_talk[$i][0]
|
||||
)
|
||||
)));
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
if ($postfix_talk[$i][1] !== '') {
|
||||
fputs($smtp_connection, $postfix_talk[$i][1]);
|
||||
@@ -809,13 +809,36 @@ function quarantine($_action, $_data = null) {
|
||||
if (!is_numeric($_data) || empty($_data)) {
|
||||
return false;
|
||||
}
|
||||
$stmt = $pdo->prepare('SELECT `rcpt`, `score`, `symbols`, `msg`, `domain` FROM `quarantine` WHERE `id`= :id');
|
||||
$stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE `id`= :id');
|
||||
$stmt->execute(array(':id' => $_data));
|
||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
|
||||
return $row;
|
||||
}
|
||||
logger(array('return' => array(
|
||||
array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data_log),
|
||||
'msg' => 'access_denied'
|
||||
)
|
||||
)));
|
||||
return false;
|
||||
break;
|
||||
case 'hash_details':
|
||||
$hash = trim($_data);
|
||||
if (preg_match("/^([a-f0-9]{64})$/", $hash) === false) {
|
||||
logger(array('return' => array(
|
||||
array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_data_log),
|
||||
'msg' => 'access_denied'
|
||||
)
|
||||
)));
|
||||
return false;
|
||||
}
|
||||
$stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash');
|
||||
$stmt->execute(array(':hash' => $hash));
|
||||
return $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
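Review bot: The format check in the new `hash_details` case never rejects anything, because `preg_match()` returns `0` for a non-match and `false` only on a regex error, so `=== false` passes every string through to the query. The statement is parameterized, so this is not an injection path, but the `access_denied` log entry never fires and malformed tokens are not told apart from unknown ones; compare against `1` instead: `if (preg_match('/^[a-f0-9]{64}$/', $hash) !== 1) {`. This case also returns `SELECT *` with no session or ACL check, so the hash is the only credential for the whole row. A comment should say that this is intended, and the query should select only the columns the caller reads (`msg`, `sender`, `score`, `symbols` in the caller shown on this page).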
@@ -20,7 +20,7 @@
|
||||
if (preg_match("/edit/i", $_SERVER['REQUEST_URI'])) {
|
||||
$css_minifier->add('/web/css/site/edit.css');
|
||||
}
|
||||
if (preg_match("/quarantine/i", $_SERVER['REQUEST_URI'])) {
|
||||
if (preg_match("/(quarantine|qhandler)/i", $_SERVER['REQUEST_URI'])) {
|
||||
$css_minifier->add('/web/css/site/quarantine.css');
|
||||
}
|
||||
if (preg_match("/debug/i", $_SERVER['REQUEST_URI'])) {
|
||||
|