Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge pull request #5818 from mailcow/fix/web

Browse Source 
[Web] fix exception handler and rspamd_maps function
This commit is contained in:
Patrick Schult 2024-04-04 08:19:58 +02:00 committed by GitHub
commit 9decfa9c31
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
data/web/inc/footer.inc.php
View File

@ -12,7 +12,8 @@ $alertbox_log_parser = alertbox_log_parser($_SESSION);
$alerts = []; $alerts = [];
if (is_array($alertbox_log_parser)) { if (is_array($alertbox_log_parser)) {
foreach ($alertbox_log_parser as $log) { foreach ($alertbox_log_parser as $log) {
$message = strtr($log['msg'], ["\n" => '', "\r" => '', "\t" => '<br>']); $message = htmlspecialchars($log['msg'], ENT_QUOTES);
$message = strtr($message, ["\n" => '', "\r" => '', "\t" => '<br>']);
$alerts[trim($log['type'], '"')][] = trim($message, '"'); $alerts[trim($log['type'], '"')][] = trim($message, '"');
} }
$alert = array_filter(array_unique($alerts)); $alert = array_filter(array_unique($alerts));

6
data/web/inc/functions.rspamd.inc.php
View File

@ -143,6 +143,7 @@ function rspamd_maps($_action, $_data = null) {
return false; return false;
} }
$maps = (array)$_data['map']; $maps = (array)$_data['map'];
$valid_maps = array();
foreach ($maps as $map) { foreach ($maps as $map) {
foreach ($RSPAMD_MAPS as $rspamd_map_type) { foreach ($RSPAMD_MAPS as $rspamd_map_type) {
if (!in_array($map, $rspamd_map_type)) { if (!in_array($map, $rspamd_map_type)) {
@ -151,9 +152,12 @@ function rspamd_maps($_action, $_data = null) {
'log' => array(__FUNCTION__, $_action, '-'), 'log' => array(__FUNCTION__, $_action, '-'),
'msg' => array('global_map_invalid', $map) 'msg' => array('global_map_invalid', $map)
); );
continue; } else {
array_push($valid_maps, $map);
} }
} }
}
foreach ($valid_maps as $map) {
try { try {
if (file_exists('/rspamd_custom_maps/' . $map)) { if (file_exists('/rspamd_custom_maps/' . $map)) {
$map_content = trim($_data['rspamd_map_data']); $map_content = trim($_data['rspamd_map_data']);

6
data/web/json_api.php
View File

@ -47,6 +47,12 @@ function api_log($_data) {
} }
} }
// Block requests not intended for direct API use by checking the 'Sec-Fetch-Dest' header.
if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] !== 'empty') {
header('HTTP/1.1 403 Forbidden');
exit;
}
if (isset($_GET['query'])) { if (isset($_GET['query'])) {
$query = explode('/', $_GET['query']); $query = explode('/', $_GET['query']);