From dd9296ffc28d6442d479f0f41a90950226cccaf2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Fri, 6 Jan 2023 11:07:44 +0100
Subject: [PATCH] [Web] fix extend_sender_acl issue for domainadmins
---
 data/web/inc/functions.mailbox.inc.php | 95 +++++++++++++-------------
 data/web/lang/lang.de-de.json | 1 +
 data/web/lang/lang.en-gb.json | 1 +
 data/web/templates/edit/mailbox.twig | 6 +-
 4 files changed, 54 insertions(+), 49 deletions(-)
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index d67fa3e3..f6162cc6 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -2879,67 +2879,68 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'access_denied' + 'msg' => 'extended_sender_acl_denied' ); - return false; } - $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl'])); - foreach ($extra_acls as $i => &$extra_acl) { - if (empty($extra_acl)) { - continue; - } - if (substr($extra_acl, 0, 1) === "@") { - $extra_acl = ltrim($extra_acl, '@'); - } - if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl)) - ); - unset($extra_acls[$i]); - continue; - } - $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')); - if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) { - $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46); - if (in_array($extra_acl_domain, $domains)) { + else { + $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl'])); + foreach ($extra_acls as $i => &$extra_acl) { + if (empty($extra_acl)) { + continue; + } + if (substr($extra_acl, 0, 1) === "@") { + $extra_acl = ltrim($extra_acl, '@'); + } + if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('extra_acl_invalid_domain', $extra_acl_domain) + 'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl)) ); unset($extra_acls[$i]); continue; } - } - else { - if (in_array($extra_acl, $domains)) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, 
$_action, $_type, $_data_log, $_attr), - 'msg' => array('extra_acl_invalid_domain', $extra_acl_domain) - ); - unset($extra_acls[$i]); - continue; + $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')); + if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) { + $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46); + if (in_array($extra_acl_domain, $domains)) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('extra_acl_invalid_domain', $extra_acl_domain) + ); + unset($extra_acls[$i]); + continue; + } + } + else { + if (in_array($extra_acl, $domains)) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('extra_acl_invalid_domain', $extra_acl_domain) + ); + unset($extra_acls[$i]); + continue; + } + $extra_acl = '@' . $extra_acl; } - $extra_acl = '@' . 
$extra_acl; } - } - $extra_acls = array_filter($extra_acls); - $extra_acls = array_values($extra_acls); - $extra_acls = array_unique($extra_acls); - $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username"); - $stmt->execute(array( - ':username' => $username - )); - foreach ($extra_acls as $sender_acl_external) { - $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`) - VALUES (:sender_acl, :username, 1)"); + $extra_acls = array_filter($extra_acls); + $extra_acls = array_values($extra_acls); + $extra_acls = array_unique($extra_acls); + $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username"); $stmt->execute(array( - ':sender_acl' => $sender_acl_external, ':username' => $username )); + foreach ($extra_acls as $sender_acl_external) { + $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`) + VALUES (:sender_acl, :username, 1)"); + $stmt->execute(array( + ':sender_acl' => $sender_acl_external, + ':username' => $username + )); + } } } if (isset($_data['sender_acl'])) { diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json index 89942e4e..bc94e619 100644 --- a/data/web/lang/lang.de-de.json +++ b/data/web/lang/lang.de-de.json @@ -363,6 +363,7 @@ "domain_not_empty": "Domain %s ist nicht leer", "domain_not_found": "Domain %s nicht gefunden", "domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein", + "extended_sender_acl_denied": "Keine Rechte zum setzen von externen Absenderadressen", "extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig", "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain", "fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s", diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json index bec5351d..e1323f94 100644 --- a/data/web/lang/lang.en-gb.json 
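Review bot: Replacing `return false` with an `else` branch at the top of the hunk turns the ACL denial into a soft skip — the request keeps running and every other field of the mailbox edit is still applied, yet the entry pushed to `$_SESSION['return']` keeps `'type' => 'danger'`, so any caller that treats a danger entry as a failed request will report failure for an edit that was in fact partially committed. Either keep rejecting the whole edit when the field arrives without the ACL, or downgrade the entry to `'type' => 'warning'` and mark the skip with a comment such as `// extended_sender_acl is ignored for roles without extend_sender_acl; the rest of the edit still proceeds` so the behaviour reads as deliberate. The server-side check stays the real control, since the twig change only hides the textarea and a crafted request can still submit the field, which is the right place for it. The condition that gates this on `$_data['extended_sender_acl']` and the ACL test itself begin before the hunk, so the exact gate could not be confirmed here. Unrelated but on the new side: `$domains` is rebuilt from two `mailbox('get', …)` calls on every `foreach` iteration and could be hoisted above the loop, and the `in_array` calls should pass `true` as the third argument.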
+++ b/data/web/lang/lang.en-gb.json
@@ -363,6 +363,7 @@
 "domain_not_empty": "Cannot remove non-empty domain %s",
 "domain_not_found": "Domain %s not found",
 "domain_quota_m_in_use": "Domain quota must be greater or equal to %s MiB",
+ "extended_sender_acl_denied": "missing ACL to set external sender addresses",
 "extra_acl_invalid": "External sender address \"%s\" is invalid",
 "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
 "fido2_verification_failed": "FIDO2 verification failed: %s",
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 289638d6..36fe053b 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -200,8 +200,10 @@
 {% if sender_acl_handles.external_sender_aliases %}
 {% set ext_sender_acl = sender_acl_handles.external_sender_aliases|join(', ') %}
 {% endif %}
-
- {{ lang.edit.extended_sender_acl_info|raw }}
+ {% if acl.extend_sender_acl and acl.extend_sender_acl == 1 %}
+
+ {{ lang.edit.extended_sender_acl_info|raw }}
+ {% endif %}