From d5612cf60f0288049161618211e054abed8533e9 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 26 May 2019 09:22:06 +0200 Subject: [PATCH] [Web] More fixes for alias as sender_acl --- data/web/edit.php | 2 +- data/web/inc/functions.mailbox.inc.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/data/web/edit.php b/data/web/edit.php index 6d387eb7..92cd40cf 100644 --- a/data/web/edit.php +++ b/data/web/edit.php @@ -536,7 +536,7 @@ if (isset($_SESSION['mailcow_cc_role'])) { prepare("DELETE FROM `sender_acl` WHERE + `logged_in_as` = :goto AND + `send_as` = :address"); + $stmt->execute(array( + ':goto' => $goto, + ':address' => $address + )); } $gotos = array_filter($gotos); $goto = implode(",", $gotos); @@ -2140,11 +2148,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $stmt->execute(array( ':username' => $username )); + $fixed_sender_aliases = mailbox('get', 'sender_acl_handles', $username)['fixed_sender_aliases']; foreach ($sender_acl_merged as $sender_acl) { $domain = ltrim($sender_acl, '@'); if (is_valid_domain_name($domain)) { $sender_acl = '@' . $domain; } + // Don't add if allowed by alias + if (in_array($sender_acl, $fixed_sender_aliases)) { + continue; + } $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`) VALUES (:sender_acl, :username)"); $stmt->execute(array( @@ -2398,6 +2411,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { )); $rows_mbox = $stmt->fetchAll(PDO::FETCH_ASSOC); while ($row = array_shift($rows_mbox)) { + // Aliases are not selectable + if (in_array($row['address'], $data['fixed_sender_aliases'])) { + continue; + } if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) { $data['sender_acl_addresses']['selectable'][] = $row['address']; }