Merge pull request #5197 from mailcow/fix/bcc-validation

[Web] Fix BCC validation
This commit is contained in:
Patrick Schult 2023-05-08 16:32:12 +02:00 committed by GitHub
commit c0745c5cde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 1 deletions

View File

@ -49,7 +49,9 @@ function bcc($_action, $_data = null, $_attr = null) {
}
elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) {
$mailbox = mailbox('get', 'mailbox_details', $local_dest);
if ($mailbox === false && array_key_exists($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {
$shared_aliases = mailbox('get', 'shared_aliases');
$direct_aliases = mailbox('get', 'direct_aliases');
if ($mailbox === false && in_array($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_attr),

View File

@ -3965,6 +3965,39 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
}
return $aliasdomaindata;
break;
case 'shared_aliases':
$shared_aliases = array();
$stmt = $pdo->query("SELECT `address` FROM `alias`
WHERE `goto` REGEXP ','
AND `address` NOT LIKE '@%'
AND `goto` != `address`");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$domain = explode("@", $row['address'])[1];
if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
$shared_aliases[] = $row['address'];
}
}
return $shared_aliases;
break;
case 'direct_aliases':
$direct_aliases = array();
$stmt = $pdo->query("SELECT `address` FROM `alias`
WHERE `goto` NOT LIKE '%,%'
AND `address` NOT LIKE '@%'
AND `goto` != `address`");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$domain = explode("@", $row['address'])[1];
if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
$direct_aliases[] = $row['address'];
}
}
return $direct_aliases;
break;
case 'domains':
$domains = array();
if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {