git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized

subrepo: subdir:   "mailcow/src/mailcow-dockerized"
  merged:   "a832becb"
upstream: origin:   "https://github.com/mailcow/mailcow-dockerized.git"
  branch:   "master"
  commit:   "a832becb"
git-subrepo: version:  "0.4.3"
  origin:   "???"
  commit:   "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/functions.policy.inc.php b/mailcow/src/mailcow-dockerized/data/web/inc/functions.policy.inc.php
new file mode 100644
index 0000000..ad29bd2
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/functions.policy.inc.php
@@ -0,0 +1,320 @@
+<?php

+function policy($_action, $_scope, $_data = null) {

+	global $pdo;

+	global $redis;

+	global $lang;

+	$_data_log = $_data;

+  switch ($_action) {

+    case 'add':

+      if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {

+        $_SESSION['return'][] = array(

+          'type' => 'danger',

+          'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+          'msg' => 'access_denied'

+        );

+        return false;

+      }

+      switch ($_scope) {

+        case 'domain':

+          $object = $_data['domain'];

+          if (is_valid_domain_name($object)) {

+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                'msg' => 'access_denied'

+              );

+              return false;

+            }

+            $object = idn_to_ascii(strtolower(trim($object)), 0, INTL_IDNA_VARIANT_UTS46);

+          }

+          else {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'access_denied'

+            );

+            return false;

+          }

+          if ($_data['object_list'] == "bl") {

+            $object_list = "blacklist_from";

+          }

+          elseif ($_data['object_list'] == "wl") {

+            $object_list = "whitelist_from";

+          }

+          $object_from = trim(strtolower($_data['object_from']));

+          if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'policy_list_from_invalid'

+            );

+            return false;

+          }

+          if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'access_denied'

+            );

+            return false;

+          }

+          $stmt = $pdo->prepare("SELECT `object` FROM `filterconf`

+            WHERE (`option` = 'whitelist_from'  OR `option` = 'blacklist_from')

+              AND `object` = :object

+              AND `value` = :object_from");

+          $stmt->execute(array(':object' => $object, ':object_from' => $object_from));

+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));

+          if ($num_results != 0) {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'policy_list_from_exists'

+            );

+            return false;

+          }

+

+          $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)

+            VALUES (:object, :object_list, :object_from)");

+          $stmt->execute(array(

+            ':object' => $object,

+            ':object_list' => $object_list,

+            ':object_from' => $object_from

+          ));

+

+          $_SESSION['return'][] = array(

+            'type' => 'success',

+            'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+            'msg' => array('domain_modified', $object)

+          );

+        break;

+        case 'mailbox':

+          $object = $_data['username'];

+          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'access_denied'

+            );

+            return false;

+          }

+          if ($_data['object_list'] == "bl") {

+            $object_list = "blacklist_from";

+          }

+          elseif ($_data['object_list'] == "wl") {

+            $object_list = "whitelist_from";

+          }

+          $object_from = trim(strtolower($_data['object_from']));

+          if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'policy_list_from_invalid'

+            );

+            return false;

+          }

+          if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'access_denied'

+            );

+            return false;

+          }

+          $stmt = $pdo->prepare("SELECT `object` FROM `filterconf`

+            WHERE (`option` = 'whitelist_from'  OR `option` = 'blacklist_from')

+              AND `object` = :object

+              AND `value` = :object_from");

+          $stmt->execute(array(':object' => $object, ':object_from' => $object_from));

+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));

+          if ($num_results != 0) {

+            $_SESSION['return'][] = array(

+              'type' => 'danger',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => 'policy_list_from_exists'

+            );

+            return false;

+          }

+          $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)

+            VALUES (:object, :object_list, :object_from)");

+          $stmt->execute(array(

+            ':object' => $object,

+            ':object_list' => $object_list,

+            ':object_from' => $object_from

+          ));

+          $_SESSION['return'][] = array(

+            'type' => 'success',

+            'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+            'msg' => array('mailbox_modified', $object)

+          );

+        break;

+      }

+    break;

+    case 'delete':

+      if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {

+        $_SESSION['return'][] = array(

+          'type' => 'danger',

+          'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+          'msg' => 'access_denied'

+        );

+        return false;

+      }

+      switch ($_scope) {

+        case 'domain':

+          (array)$prefids = $_data['prefid'];

+          foreach ($prefids as $prefid) {

+            if (!is_numeric($prefid)) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                'msg' => 'access_denied'

+              );

+              continue;

+            }

+            $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");

+            $stmt->execute(array(':prefid' => $prefid));

+            $object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];

+            if (is_valid_domain_name($object)) {

+              if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {

+                $_SESSION['return'][] = array(

+                  'type' => 'danger',

+                  'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                  'msg' => 'access_denied'

+                );

+                continue;

+              }

+              $object = idn_to_ascii(strtolower(trim($object)), 0, INTL_IDNA_VARIANT_UTS46);

+            }

+            else {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                'msg' => 'access_denied'

+              );

+              continue;

+            }

+            try {

+              $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");

+              $stmt->execute(array(

+                ':object' => $object,

+                ':prefid' => $prefid

+              ));

+            }

+            catch (PDOException $e) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                'msg' => array('mysql_error', $e)

+              );

+              continue;

+            }

+            $_SESSION['return'][] = array(

+              'type' => 'success',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => array('item_deleted',$prefid)

+            );

+          }

+        break;

+        case 'mailbox':

+          if (!is_array($_data['prefid'])) {

+            $prefids = array();

+            $prefids[] = $_data['prefid'];

+          }

+          else {

+            $prefids = $_data['prefid'];

+          }

+          foreach ($prefids as $prefid) {

+            if (!is_numeric($prefid)) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                'msg' => 'access_denied'

+              );

+              continue;

+            }

+            $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");

+            $stmt->execute(array(':prefid' => $prefid));

+            $object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];

+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                'msg' => 'access_denied'

+              );

+              continue;

+            }

+            try {

+              $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");

+              $stmt->execute(array(

+                ':object' => $object,

+                ':prefid' => $prefid

+              ));

+            }

+            catch (PDOException $e) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+                'msg' => array('mysql_error', $e)

+              );

+              continue;

+            }

+            $_SESSION['return'][] = array(

+              'type' => 'success',

+              'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

+              'msg' => array('items_deleted', implode(', ', $prefids))

+            );

+          }

+        break;

+      }

+    break;

+    case 'get':

+      switch ($_scope) {

+        case 'domain':

+          if (!is_valid_domain_name($_data)) {

+            return false;

+          }

+          else {

+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {

+              return false;

+            }

+            $_data = idn_to_ascii(strtolower(trim($_data)), 0, INTL_IDNA_VARIANT_UTS46);

+          }

+

+          // WHITELIST

+          $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");

+          $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));

+          $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);

+          // BLACKLIST

+          $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");

+          $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));

+          $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);

+

+          return $rows;

+        break;

+        case 'mailbox':

+          if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {

+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {

+              return false;

+            }

+          }

+          else {

+            $_data = $_SESSION['mailcow_cc_username'];

+          }

+          $domain = mailbox('get', 'mailbox_details', $_data)['domain'];

+          if (empty($domain)) {

+            return false;

+          }

+          // WHITELIST

+          $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` = :username OR `object` = :domain)");

+          $stmt->execute(array(':username' => $_data, ':domain' => $domain));

+          $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);

+          // BLACKLIST

+          $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` = :username OR `object` = :domain)");

+          $stmt->execute(array(':username' => $_data, ':domain' => $domain));

+          $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);

+          return $rows;

+        break;

+      }

+    break;

+  }

+}
\ No newline at end of file