Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 7b2a3a1c374b0a853b379f41561dcf2796c55986^! / . / mailcow / src / mailcow-dockerized / data / web / inc / functions.address_rewriting.inc.php
commit7b2a3a1c374b0a853b379f41561dcf2796c55986[log] [tgz]
authorMatthias Andreas Benkard <code@mail.matthias.benkard.de>Mon Aug 16 10:57:25 2021 +0200
committerMatthias Andreas Benkard <code@mail.matthias.benkard.de>Mon Aug 16 10:57:25 2021 +0200
tree28fe5b17bb86fa7f276e64c6981ab05401a84038
parent8bb60d08ffa0baf1a0e81e705342d6f25dd8511c [diff] [blame]
git subrepo commit (merge) mailcow/src/mailcow-dockerized

subrepo: subdir:   "mailcow/src/mailcow-dockerized"
  merged:   "02ae5285"
upstream: origin:   "https://github.com/mailcow/mailcow-dockerized.git"
  branch:   "master"
  commit:   "649a5c01"
git-subrepo: version:  "0.4.3"
  origin:   "???"
  commit:   "???"
Change-Id: I870ad468fba026cc5abf3c5699ed1e12ff28b32b

diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/functions.address_rewriting.inc.php b/mailcow/src/mailcow-dockerized/data/web/inc/functions.address_rewriting.inc.php
index 51cdd73..8193c05 100644
--- a/mailcow/src/mailcow-dockerized/data/web/inc/functions.address_rewriting.inc.php
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/functions.address_rewriting.inc.php

@@ -1,5 +1,5 @@
 <?php

-function bcc($_action, $_data = null, $attr = null) {

+function bcc($_action, $_data = null, $_attr = null) {

 	global $pdo;

 	global $lang;

   if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {

@@ -48,7 +48,8 @@
         $local_dest_sane = '@' . idn_to_ascii($local_dest, 0, INTL_IDNA_VARIANT_UTS46);

       }

       elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) {

-        if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) {

+        $mailbox = mailbox('get', 'mailbox_details', $local_dest);

+        if ($mailbox === false && array_key_exists($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {

           $_SESSION['return'][] = array(

             'type' => 'danger',

             'log' => array(__FUNCTION__, $_action, $_data, $_attr),

@@ -56,10 +57,16 @@
           );

           return false;

         }

-        $domain = mailbox('get', 'mailbox_details', $local_dest)['domain'];

-        if (empty($domain)) {

-          return false;

+        if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest) &&

+          !hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_data, $_attr),

+              'msg' => 'access_denied'

+            );

+            return false;

         }

+        $domain = idn_to_ascii(substr(strstr($local_dest, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);

         $local_dest_sane = $local_dest;

       }

       else {

@@ -128,7 +135,6 @@
           );

           continue;

         }

-        $active = intval($_data['active']);

         if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {

           $_SESSION['return'][] = array(

             'type' => 'danger',