Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

rearrange custom params validation

FreddleSpl0it 3 years ago
parent
cd02483b19
commit
223ba44b61
1 changed files with 14 additions and 12 deletions
Unified View Show Diff Stats
  1. 14 12
      data/web/inc/functions.mailbox.inc.php

+ 14 - 12
data/web/inc/functions.mailbox.inc.php
View File 

@@ -341,7 +341,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           foreach (explode('-', $custom_params) as $param){

           foreach (explode('-', $custom_params) as $param){

             if(empty($param)) continue;

             if(empty($param)) continue;

 

 

-            if (str_contains(explode('=', $param)[0], ' ')) {

+            // extract option

+            if (str_contains($param, '=')) $param = explode('=', $param)[0];

+            else $param = rtrim($param, ' ');

+            // remove first char if first char is -

+            if ($param[0] == '-') $param = ltrim($param, $param[0]);

+

+            if (str_contains($param, ' ')) {

               // bad char

               // bad char

               $_SESSION['return'][] = array(

               $_SESSION['return'][] = array(

                 'type' => 'danger',

                 'type' => 'danger',

@@ -351,11 +357,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
               return false;

               return false;

             }

             }

 

 

-            // extract option

-            if (str_contains($param, '=')) $param = explode('=', $param)[0];

-            // remove first char if first char is -

-            if ($param[0] == '-') $param = ltrim($param, $param[0]);

-            

             // check if param is whitelisted

             // check if param is whitelisted

             if (!in_array(strtolower($param), $GLOBALS["IMAPSYNC_OPTIONS"]["whitelist"])){

             if (!in_array(strtolower($param), $GLOBALS["IMAPSYNC_OPTIONS"]["whitelist"])){

               // bad option

               // bad option

@@ -1796,7 +1797,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
             foreach (explode('-', $custom_params) as $param){

             foreach (explode('-', $custom_params) as $param){

               if(empty($param)) continue;

               if(empty($param)) continue;

 

 

-              if (str_contains(explode('=', $param)[0], ' ')) {

+              // extract option

+              if (str_contains($param, '=')) $param = explode('=', $param)[0];

+              else $param = rtrim($param, ' ');

+              // remove first char if first char is -

+              if ($param[0] == '-') $param = ltrim($param, $param[0]);

+

+              if (str_contains($param, ' ')) {

                 // bad char

                 // bad char

                 $_SESSION['return'][] = array(

                 $_SESSION['return'][] = array(

                   'type' => 'danger',

                   'type' => 'danger',

@@ -1806,11 +1813,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
                 return false;

                 return false;

               }

               }

   

   

-              // extract option

-              if (str_contains($param, '=')) $param = explode('=', $param)[0];

-              // remove first char if first char is -

-              if ($param[0] == '-') $param = ltrim($param, $param[0]);

-              

               // check if param is whitelisted

               // check if param is whitelisted

               if (!in_array(strtolower($param), $GLOBALS["IMAPSYNC_OPTIONS"]["whitelist"])){

               if (!in_array(strtolower($param), $GLOBALS["IMAPSYNC_OPTIONS"]["whitelist"])){

                 // bad option

                 // bad option