Commit b23de011 authored by tbrehm's avatar tbrehm

Fixed: FS#2243 - Phpmyadmin Setting [SERVERNAME] Regex Issue

- Improved checks in mailbox delete function.
parent ba611213
...@@ -128,7 +128,7 @@ $form["tabs"]['sites'] = array ( ...@@ -128,7 +128,7 @@ $form["tabs"]['sites'] = array (
'datatype' => 'VARCHAR', 'datatype' => 'VARCHAR',
'formtype' => 'TEXT', 'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX', 'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^[0-9a-zA-Z\:\/\-\.]{0,255}$/', 'regex' => '/^[0-9a-zA-Z\:\/\-\.\[\]]{0,255}$/',
'errmsg'=> 'phpmyadmin_url_error_regex'), 'errmsg'=> 'phpmyadmin_url_error_regex'),
), ),
'default' => '', 'default' => '',
......
...@@ -312,8 +312,12 @@ class mail_plugin { ...@@ -312,8 +312,12 @@ class mail_plugin {
function user_delete($event_name,$data) { function user_delete($event_name,$data) {
global $app, $conf; global $app, $conf;
// get the config
$app->uses("getconf");
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
$old_maildir_path = escapeshellcmd($data['old']['maildir']); $old_maildir_path = escapeshellcmd($data['old']['maildir']);
if(!stristr($old_maildir_path,'..') && !stristr($old_maildir_path,'*') && strlen($old_maildir_path) >= 10) { if($old_maildir_path != $mail_config['homedir_path'] && strlen($old_maildir_path) > strlen($mail_config['homedir_path']) && !stristr($old_maildir_path,'..') && !stristr($old_maildir_path,'*') && strlen($old_maildir_path) >= 10) {
exec('rm -rf '.escapeshellcmd($old_maildir_path)); exec('rm -rf '.escapeshellcmd($old_maildir_path));
$app->log('Deleted the Maildir: '.$data['old']['maildir'],LOGLEVEL_DEBUG); $app->log('Deleted the Maildir: '.$data['old']['maildir'],LOGLEVEL_DEBUG);
} else { } else {
...@@ -330,7 +334,7 @@ class mail_plugin { ...@@ -330,7 +334,7 @@ class mail_plugin {
//* Delete maildomain path //* Delete maildomain path
$old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/'.$data['old']['domain']); $old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/'.$data['old']['domain']);
if(!stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) { if($old_maildomain_path != $mail_config['homedir_path'] && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
exec('rm -rf '.escapeshellcmd($old_maildomain_path)); exec('rm -rf '.escapeshellcmd($old_maildomain_path));
$app->log('Deleted the mail domain directory: '.$old_maildomain_path,LOGLEVEL_DEBUG); $app->log('Deleted the mail domain directory: '.$old_maildomain_path,LOGLEVEL_DEBUG);
} else { } else {
...@@ -339,7 +343,7 @@ class mail_plugin { ...@@ -339,7 +343,7 @@ class mail_plugin {
//* Delete mailfilter path //* Delete mailfilter path
$old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/mailfilters/'.$data['old']['domain']); $old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/mailfilters/'.$data['old']['domain']);
if(!stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) { if($old_maildomain_path != $mail_config['homedir_path'].'/mailfilters/' && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
exec('rm -rf '.escapeshellcmd($old_maildomain_path)); exec('rm -rf '.escapeshellcmd($old_maildomain_path));
$app->log('Deleted the mail domain mailfilter directory: '.$old_maildomain_path,LOGLEVEL_DEBUG); $app->log('Deleted the mail domain mailfilter directory: '.$old_maildomain_path,LOGLEVEL_DEBUG);
} else { } else {
......
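Review bot: The comparison added in the maildomain hunk, `$old_maildomain_path != $mail_config['homedir_path']`, can never be false, because the path is built one line above as `homedir_path.'/'.domain` and so always carries at least the extra slash; an empty `$data['old']['domain']` still reaches `rm -rf` unless homedir_path itself ends in a slash. Compare against `$mail_config['homedir_path'].'/'`, as the mailfilter hunk does with `'/mailfilters/'`, or add `$data['old']['domain'] != ''` to the condition. In user_delete the new equality and length checks are also plain string tests, so a maildir value with a trailing slash, or one located outside homedir_path, passes them; requiring `strpos($old_maildir_path, $mail_config['homedir_path'].'/') === 0` on a normalised path would tie the deletion to the mail root. Separately, `escapeshellcmd()` does not quote whitespace, so `escapeshellarg()` is the appropriate wrapper for the single `rm` argument in all three `exec()` calls. The `else` branches of these conditions continue outside the hunks shown.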