readd imapsync fix

FreddleSpl0it 2022-07-13 17:02:14 +02:00
parent 83efd3e506
commit bee762737e
No known key found for this signature in database
GPG Key ID: 6315227FF33D2425
3 changed files with 134 additions and 130 deletions


@ -341,7 +341,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
foreach (explode(' -', $custom_params) as $param){ foreach (explode(' -', $custom_params) as $param){
if(empty($param)) continue; if(empty($param)) continue;
if (str_contains($param, ' ')) { if (str_contains(explode('=', $param)[0], ' ')) {
// bad char // bad char
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
@ -1796,7 +1796,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
foreach (explode(' -', $custom_params) as $param){ foreach (explode(' -', $custom_params) as $param){
if(empty($param)) continue; if(empty($param)) continue;
if (str_contains($param, ' ')) { if (str_contains(explode('=', $param)[0], ' ')) {
// bad char // bad char
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
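Review bot: The relaxed check `str_contains(explode('=', $param)[0], ' ')` validates only the option name, so anything after the first `=` may now contain spaces and is no longer constrained at this point. Whether that is safe depends on how `custom_params` is later turned into the imapsync command line, which is outside this hunk; if a value is not passed as a single quoted argument, a space inside it would be read as an argument separator. I would add a comment such as `// only the option name is checked here; values may contain spaces and must be quoted when the command is built`, and confirm the name is still matched against `$IMAPSYNC_OPTIONS` afterwards. The same expression is repeated in the hunk at line 1796, so a small shared helper would keep the two call sites from drifting apart. Both hunks end inside `mailbox()`, whose body continues outside the view.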


@ -3,7 +3,7 @@ function init_db_schema() {
try { try {
global $pdo; global $pdo;
$db_version = "04072022_1642"; $db_version = "13072022_1700";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@ -440,7 +440,7 @@ function init_db_schema() {
"spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'", "spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
"spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'", "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
"delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'", "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'", "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
"eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'", "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
"sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'", "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
"pushover" => "TINYINT(1) NOT NULL DEFAULT '1'", "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
@ -1227,8 +1227,16 @@ function init_db_schema() {
$pdo->query($create); $pdo->query($create);
} }
// Mitigate imapsync pipemess issue // Mitigate imapsync argument injection issue
$pdo->query("UPDATE `imapsync` SET `custom_params` = '' WHERE `custom_params` LIKE '%pipemess%';"); $pdo->query("UPDATE `imapsync` SET `custom_params` = ''
WHERE `custom_params` LIKE '%pipemess%'
OR custom_params LIKE '%skipmess%'
OR custom_params LIKE '%delete2foldersonly%'
OR custom_params LIKE '%delete2foldersbutnot%'
OR custom_params LIKE '%regexflag%'
OR custom_params LIKE '%pipemess%'
OR custom_params LIKE '%regextrans2%'
OR custom_params LIKE '%maxlinelengthcmd%';");
// Migrate webauthn tfa // Migrate webauthn tfa
$stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')"); $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
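Review bot: The cleanup `UPDATE` lists `'%pipemess%'` twice (in the first `WHERE` condition and again further down) and never matches `regexmess`, although `regexmess` is in the `blacklist` array of `$IMAPSYNC_OPTIONS` changed by this same commit. Existing sync jobs whose `custom_params` contain `regexmess` would therefore keep that value after the migration runs. The second occurrence should probably read `OR custom_params LIKE '%regexmess%'`. The column name is also backtick-quoted only in the first condition; quoting it consistently would make the statement easier to read. `init_db_schema()` continues outside this hunk.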


@ -232,131 +232,127 @@ $RSPAMD_MAPS = array(
$IMAPSYNC_OPTIONS = array( $IMAPSYNC_OPTIONS = array(
'whitelist' => array( 'whitelist' => array(
'log', 'authmech1',
'showpasswords', 'authmech2',
'nossl1', 'authuser1',
'nossl2', 'authuser2',
'ssl2', 'debugcontent',
'notls1', 'disarmreadreceipts',
'notls2', 'logdir',
'tls2', 'debugcrossduplicates',
'debugssl', 'maxsize',
'sslargs1', 'minsize',
'sslargs2', 'minage',
'authmech1', 'search',
'authmech2', 'noabletosearch',
'authuser1', 'pidfile',
'authuser2', 'pidfilelocking',
'proxyauth1', 'search1',
'proxyauth2', 'search2',
'authmd51', 'sslargs1',
'authmd52', 'sslargs2',
'domain1', 'syncduplicates',
'domain2', 'usecache',
'oauthaccesstoken1', 'synclabels',
'oauthaccesstoken2', 'truncmess',
'oauthdirect1', 'domino2',
'oauthdirect2', 'expunge1',
'folder', 'filterbuggyflags',
'folder', 'justconnect',
'folderrec', 'justfolders',
'folderrec', 'maxlinelength',
'folderfirst', 'useheader',
'folderfirst', 'noabletosearch1',
'folderlast', 'nolog',
'folderlast', 'prefix1',
'nomixfolders', 'prefix2',
'skipemptyfolders', 'sep1',
'include', 'sep2',
'include', 'nofoldersizesatend',
'subfolder1', 'justfoldersizes',
'subscribed', 'proxyauth1',
'subscribe', 'skipemptyfolders',
'prefix1', 'include',
'prefix2', 'subfolder1',
'sep1', 'subscribed',
'sep2', 'subscribe',
'nofoldersizesatend', 'debug',
'justfoldersizes', 'debugimap2',
'pidfile', 'domino1',
'pidfilelocking', 'exchange1',
'nolog', 'exchange2',
'logfile', 'justlogin',
'logdir', 'keepalive1',
'debugcrossduplicates', 'keepalive2',
'disarmreadreceipts', 'noabletosearch2',
'truncmess', 'noexpunge2',
'synclabels', 'noresyncflags',
'resynclabels', 'nossl1',
'resyncflags', 'nouidexpunge2',
'noresyncflags', 'syncinternaldates',
'filterbuggyflags', 'idatefromheader',
'expunge1', 'useuid',
'noexpunge1', 'debugflags',
'delete1emptyfolders', 'debugimap',
'delete2folders', 'delete1emptyfolders',
'noexpunge2', 'delete2folders',
'nouidexpunge2', 'gmail2',
'syncinternaldates', 'office1',
'idatefromheader', 'testslive6',
'maxsize', 'debugimap1',
'minsize', 'errorsmax',
'minage', 'tests',
'search', 'gmail1',
'search1', 'maxmessagespersecond',
'search2', 'maxbytesafter',
'noabletosearch', 'maxsleep',
'noabletosearch1', 'abort',
'noabletosearch2', 'resyncflags',
'maxlinelength', 'resynclabels',
'useheader', 'syncacls',
'useheader', 'nosyncacls',
'syncduplicates', 'nousecache',
'usecache', 'office2',
'nousecache', 'testslive',
'useuid', 'debugmemory',
'syncacls', 'exitwhenover',
'nosyncacls', 'noid',
'debug', 'noexpunge1',
'debugfolders', 'authmd51',
'debugcontent', 'logfile',
'debugflags', 'proxyauth2',
'debugimap1', 'domain1',
'debugimap2', 'domain2',
'debugimap', 'oauthaccesstoken1',
'debugmemory', 'oauthaccesstoken2',
'errorsmax', 'oauthdirect1',
'tests', 'oauthdirect2',
'testslive', 'folder',
'testslive6', 'folderrec',
'gmail1', 'folderfirst',
'gmail2', 'folderlast',
'office1', 'nomixfolders',
'office2', 'authmd52',
'exchange1', 'debugfolders',
'exchange2', 'nossl2',
'domino1', 'ssl2',
'domino2', 'tls2',
'keepalive1', 'notls2',
'keepalive2', 'debugssl',
'maxmessagespersecond', 'notls1',
'maxbytesafter', 'inet4',
'maxsleep', 'inet6',
'abort', 'log',
'exitwhenover', 'showpasswords'
'noid',
'justconnect',
'justlogin',
'justfolders'
), ),
'blacklist' => array( 'blacklist' => array(
'skipmess', 'skipmess',
'delete2foldersonly', 'delete2foldersonly',
'delete2foldersbutnot', 'delete2foldersbutnot',
'regexflag', 'regexflag',
'regexmess', 'regexmess',
'pipemess', 'pipemess',
'regextrans2', 'regextrans2',
'maxlinelengthcmd' 'maxlinelengthcmd'
) )
); );
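Review bot: The rewritten `whitelist` still admits `logfile`, `logdir` and `pidfile`, which take filesystem paths, and `showpasswords`, which makes imapsync print credentials in its output instead of masking them. Since the check in `mailbox()` now accepts spaces in option values, it is worth confirming that user-supplied paths and log output are confined by the environment imapsync runs in; that is not visible in this section. If mailbox users do not need these options, dropping them from the array, or adding a comment such as `// path-taking options: allowed only because imapsync runs confined`, would make the decision explicit. The entries are also in no discernible order, and sorting them alphabetically would make it much easier to audit this list against the `blacklist`.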