Fix autodiscover.php: Use random error IDs and fix SQL type casting

- Replace hardcoded error IDs with random values (1-10 billion range) for better debugging
- Cast SimpleXMLElement email to string before SQL query to prevent type errors
- Qualify ambiguous 'active' column with table names in JOIN query
- Add proper error XML response for database errors instead of die()
- Ensure all error paths return complete XML documents
DerLinkman 2025-12-17 14:27:38 +01:00
parent ee15721550
commit ec77406dba
No known key found for this signature in database
GPG Key ID: AA4A82514748F5A9


@ -94,7 +94,7 @@ if(!$data) {
list($usec, $sec) = explode(' ', microtime()); list($usec, $sec) = explode(' ', microtime());
?> ?>
<Response> <Response>
<Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272013"> <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
<ErrorCode>600</ErrorCode> <ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message> <Message>Invalid Request</Message>
<DebugData /> <DebugData />
@ -128,7 +128,7 @@ try {
list($usec, $sec) = explode(' ', microtime()); list($usec, $sec) = explode(' ', microtime());
?> ?>
<Response> <Response>
<Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272013"> <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
<ErrorCode>600</ErrorCode> <ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message> <Message>Invalid Request</Message>
<DebugData /> <DebugData />
@ -139,9 +139,9 @@ try {
exit(0); exit(0);
} }
$username = trim($email); $username = trim((string)$email);
try { try {
$stmt = $pdo->prepare("SELECT `name`, `active` FROM `mailbox` $stmt = $pdo->prepare("SELECT `mailbox`.`name`, `mailbox`.`active` FROM `mailbox`
INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain` INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
WHERE `mailbox`.`username` = :username WHERE `mailbox`.`username` = :username
AND `mailbox`.`active` = '1' AND `mailbox`.`active` = '1'
@ -150,7 +150,19 @@ try {
$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
} }
catch(PDOException $e) { catch(PDOException $e) {
die("Failed to determine name from SQL"); // Database error - return error response with complete XML
list($usec, $sec) = explode(' ', microtime());
?>
<Response>
<Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
<ErrorCode>500</ErrorCode>
<Message>Database Error</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
<?php
exit(0);
} }
// Mailbox not found or not active - return error // Mailbox not found or not active - return error
@ -174,7 +186,7 @@ if (empty($MailboxData)) {
list($usec, $sec) = explode(' ', microtime()); list($usec, $sec) = explode(' ', microtime());
?> ?>
<Response> <Response>
<Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272014"> <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="<?=rand(1000000000, 9999999999);?>">
<ErrorCode>600</ErrorCode> <ErrorCode>600</ErrorCode>
<Message>Mailbox not found</Message> <Message>Mailbox not found</Message>
<DebugData /> <DebugData />
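Review bot: In the new `catch(PDOException $e)` branch (the hunk at -150), `$e` is dropped and the `Id` sent to the client comes from an inline `rand()` that is recorded nowhere on the server, so an ID quoted in a client report cannot be tied to a cause. The four other `Id="<?=rand(...);?>"` sites have the same gap, and they also lose the fixed values (2477272013 / 2477272014) that used to tell the code paths apart. Draw the ID once and log it with the exception before emitting the XML: `$errId = rand(1000000000, 9999999999); error_log("autodiscover: database error id={$errId}: " . $e->getMessage());`, then `Id="<?=$errId;?>"`. Keeping the exception text out of `<DebugData />` is right and should stay that way. The upper bound 9999999999 does not fit a 32-bit integer, so the call presumably needs a 64-bit PHP build; the `try` this catch belongs to opens outside the hunk.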