From 88078fcdc3a897a8ac2783c82c7d7eae3bcfdab2 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Tue, 22 Sep 2020 09:33:47 +0200
Subject: [PATCH] Validate mail forwarding destination

---
 interface/web/mail/lib/lang/de_mail_forward.lng |  2 ++
 interface/web/mail/lib/lang/en_mail_forward.lng |  2 ++
 interface/web/mail/mail_forward_edit.php        | 11 +++++++++++
 3 files changed, 15 insertions(+)

diff --git a/interface/web/mail/lib/lang/de_mail_forward.lng b/interface/web/mail/lib/lang/de_mail_forward.lng
index f10d789671..4825ef7811 100644
--- a/interface/web/mail/lib/lang/de_mail_forward.lng
+++ b/interface/web/mail/lib/lang/de_mail_forward.lng
@@ -6,6 +6,8 @@ $wb['limit_mailforward_txt'] = 'Die maximale Anzahl an E-Mail Weiterleitungen f
 $wb['duplicate_mailbox_txt'] = 'Es existiert bereits ein E-Mail Konto mit dieser Adresse.';
 $wb['domain_txt'] = 'Domain';
 $wb['source_txt'] = 'Quell E-Mail Adresse';
+$wb['destination_error_empty'] = 'Das Weiterleitungsziel darf nicht leer sein.';
+$wb['destination_error_isemail'] = 'Das Weiterleitungsziel enthält mindestens eine ungültige E-Mail-Adresse.';
 $wb['email_error_isemail'] = 'Bitte geben Sie eine gültige E-Mail Adresse an.';
 $wb['send_as_txt'] = 'Senden als';
 $wb['send_as_exp'] = 'Ziel erlauben, die Adresse als Absender zu nutzen (Nur, falls das Ziel intern ist)';
diff --git a/interface/web/mail/lib/lang/en_mail_forward.lng b/interface/web/mail/lib/lang/en_mail_forward.lng
index afa3363560..c38e2bf4ff 100644
--- a/interface/web/mail/lib/lang/en_mail_forward.lng
+++ b/interface/web/mail/lib/lang/en_mail_forward.lng
@@ -6,6 +6,8 @@ $wb['limit_mailforward_txt'] = 'The max. number of email forwarders for your acc
 $wb['duplicate_mailbox_txt'] = 'There is already a mailbox with this email address';
 $wb['domain_txt'] = 'Domain';
 $wb['source_txt'] = 'Source Email';
+$wb['destination_error_empty'] = 'The destination must not be empty.';
+$wb['destination_error_isemail'] = 'The destination contains at least one invalid email address.';
 $wb['email_error_isemail'] = 'Please enter a valid email address.';
 $wb['send_as_txt'] = 'Send as';
 $wb['send_as_exp'] = 'Allow target to send mail using this address as origin (if target is internal)';
diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php
index e783ad98a9..51ad19e823 100644
--- a/interface/web/mail/mail_forward_edit.php
+++ b/interface/web/mail/mail_forward_edit.php
@@ -120,6 +120,17 @@ class page_action extends tform_actions {
 		unset($this->dataRecord["email_local_part"]);
 		unset($this->dataRecord["email_domain"]);
 
+		if(trim($this->dataRecord['destination']) == '') {
+			$app->tform->errorMessage .= $app->tform->lng('destination_error_empty') . '<br />';
+		} else {
+			$targets = preg_split('/\s*[,;]\s*/', trim($this->dataRecord['destination']));
+			foreach($targets as $target) {
+				if(!$target || filter_var($target, FILTER_VALIDATE_EMAIL) === false) {
+					$app->tform->errorMessage .= $app->tform->lng('destination_error_isemail') . '<br />'
+				}
+			}
+		}
+
 		//* Check if there is no active mailbox with this address
 		$tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $this->dataRecord["source"]);
 		if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_mailbox_txt")."<br>";
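Review bot: The `errorMessage` assignment inside the `foreach` has no terminating semicolon, so `mail_forward_edit.php` will fail to parse and the new destination check never runs; end the statement with `. '<br />';`. The loop also appends the same message once for every invalid address although the text says "at least one", so a `break;` directly after the assignment would keep the error output to a single line. The split pattern only treats `,` and `;` as separators; if the form also accepts newline-separated targets (not visible in this hunk), such input would be rejected as one invalid address, so confirm the separator set matches what the destination field can contain. The enclosing method starts and ends outside the hunk.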
-- 
GitLab