[Web] Add SMTP rcpt to qitems, filter invalid addresses
parent
b93371ca0a
commit
22f0a14b87
@ -23,7 +23,9 @@ function rrmdir($src) {
|
|||||||
function addAddresses(&$list, $mail, $headerName) {
|
function addAddresses(&$list, $mail, $headerName) {
|
||||||
$addresses = $mail->getAddresses($headerName);
|
$addresses = $mail->getAddresses($headerName);
|
||||||
foreach ($addresses as $address) {
|
foreach ($addresses as $address) {
|
||||||
$list[] = array('address' => $address['address'], 'type' => $headerName);
|
if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) {
|
||||||
|
$list[] = array('address' => $address['address'], 'type' => $headerName);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -51,6 +53,7 @@ if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) {
|
|||||||
addAddresses($recipientsList, $mail_parser, 'to');
|
addAddresses($recipientsList, $mail_parser, 'to');
|
||||||
addAddresses($recipientsList, $mail_parser, 'cc');
|
addAddresses($recipientsList, $mail_parser, 'cc');
|
||||||
addAddresses($recipientsList, $mail_parser, 'bcc');
|
addAddresses($recipientsList, $mail_parser, 'bcc');
|
||||||
|
$recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'SMTP');
|
||||||
$data['recipients'] = $recipientsList;
|
$data['recipients'] = $recipientsList;
|
||||||
}
|
}
|
||||||
// Get from
|
// Get from
|
||||||
@ -72,6 +75,10 @@ elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
|
|||||||
}
|
}
|
||||||
$tmpdir = '/tmp/' . $_GET['id'] . '/';
|
$tmpdir = '/tmp/' . $_GET['id'] . '/';
|
||||||
$mailc = quarantine('details', $_GET['id']);
|
$mailc = quarantine('details', $_GET['id']);
|
||||||
|
if ($mailc === false) {
|
||||||
|
echo json_encode(array('error' => 'Access denied'));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
if (strlen($mailc['msg']) > 10485760) {
|
if (strlen($mailc['msg']) > 10485760) {
|
||||||
echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
|
echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
|
||||||
exit;
|
exit;
|
||||||
@ -101,6 +108,7 @@ elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
|
|||||||
addAddresses($recipientsList, $mail_parser, 'to');
|
addAddresses($recipientsList, $mail_parser, 'to');
|
||||||
addAddresses($recipientsList, $mail_parser, 'cc');
|
addAddresses($recipientsList, $mail_parser, 'cc');
|
||||||
addAddresses($recipientsList, $mail_parser, 'bcc');
|
addAddresses($recipientsList, $mail_parser, 'bcc');
|
||||||
|
$recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'SMTP');
|
||||||
$data['recipients'] = $recipientsList;
|
$data['recipients'] = $recipientsList;
|
||||||
}
|
}
|
||||||
// Get from
|
// Get from
|
||||||
|
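Review bot: The new `SMTP` entry (`$recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'SMTP');`, added in both the `hash` and `id` branches) is appended without the `FILTER_VALIDATE_EMAIL` check that `addAddresses()` now applies to header addresses, and without testing that `rcpt` is present. Wrapping it as `if (!empty($mailc['rcpt'])) { ... }` would avoid emitting a null address, and whatever renders this JSON should still treat every `address` value as untrusted text. The `$mailc === false` guard is only visible on the `id` branch; where `$mailc` is loaded on the `hash` branch lies outside the hunk, so confirm an equivalent check runs there before `$mailc['rcpt']` is read. A short comment on the `filter_var()` line would also help, e.g. `// addresses failing FILTER_VALIDATE_EMAIL (including non-ASCII ones, since FILTER_FLAG_EMAIL_UNICODE is not set) are dropped silently`, because a reviewer of quarantined mail will otherwise not know that malformed header recipients were hidden.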
@ -361,7 +361,7 @@ function quarantine($_action, $_data = null) {
|
|||||||
$stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
|
$stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
|
||||||
$stmt->execute(array(':id' => $id));
|
$stmt->execute(array(':id' => $id));
|
||||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
|
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin') {
|
||||||
$_SESSION['return'][] = array(
|
$_SESSION['return'][] = array(
|
||||||
'type' => 'danger',
|
'type' => 'danger',
|
||||||
'msg' => 'access_denied'
|
'msg' => 'access_denied'
|
||||||
@ -812,7 +812,7 @@ function quarantine($_action, $_data = null) {
|
|||||||
$stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE `id`= :id');
|
$stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE `id`= :id');
|
||||||
$stmt->execute(array(':id' => $_data));
|
$stmt->execute(array(':id' => $_data));
|
||||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
|
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) || $_SESSION['mailcow_cc_role'] == 'admin') {
|
||||||
return $row;
|
return $row;
|
||||||
}
|
}
|
||||||
logger(array('return' => array(
|
logger(array('return' => array(
|
||||||
|
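Review bot: Both access checks in `quarantine()` now let an admin session through, but they still read `$row['rcpt']` from a `fetch()` result that is never tested for `false`. Before this change an unknown `id` presumably ended in `access_denied`, because `hasMailboxObjectAccess()` received a null recipient. Now, in the hunk at line 361, an admin request with an unknown `id` passes the check and continues with `$row === false`; the code that follows is outside the hunk, so verify what it does with an empty row. Adding an explicit `if ($row === false) { ... }` before the access check, and using strict comparisons (`!== 'admin'` / `=== 'admin'`) on the session role, would make both paths unambiguous. A one-line comment such as `// admins may read any quarantined item regardless of mailbox ownership` would document the widened access for later audits; `quarantine()` itself starts and ends outside these hunks.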