
[Web] Add SMTP rcpt to qitems, filter invalid addresses

andryyy 5 年 前
コミット
22f0a14b87

+ 9 - 1
data/web/inc/ajax/qitem_details.php

@@ -23,7 +23,9 @@ function rrmdir($src) {
 function addAddresses(&$list, $mail, $headerName) {
   $addresses = $mail->getAddresses($headerName);
   foreach ($addresses as $address) {
-    $list[] = array('address' => $address['address'], 'type' => $headerName);
+    if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) {
+      $list[] = array('address' => $address['address'], 'type' => $headerName);
+    }
   }
 }
 
@@ -51,6 +53,7 @@ if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) {
       addAddresses($recipientsList, $mail_parser, 'to');
       addAddresses($recipientsList, $mail_parser, 'cc');
       addAddresses($recipientsList, $mail_parser, 'bcc');
+      $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'SMTP');
       $data['recipients'] = $recipientsList;
     }
     // Get from
@@ -72,6 +75,10 @@ elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
   }
   $tmpdir = '/tmp/' . $_GET['id'] . '/';
   $mailc = quarantine('details', $_GET['id']);
+  if ($mailc === false) {
+    echo json_encode(array('error' => 'Access denied'));
+    exit;
+  }
   if (strlen($mailc['msg']) > 10485760) {
     echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
     exit;
@@ -101,6 +108,7 @@ elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
       addAddresses($recipientsList, $mail_parser, 'to');
       addAddresses($recipientsList, $mail_parser, 'cc');
       addAddresses($recipientsList, $mail_parser, 'bcc');
+      $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'SMTP');
       $data['recipients'] = $recipientsList;
     }
     // Get from
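Review bot: The header addresses are now validated, but the SMTP envelope recipient appended at `$recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'SMTP');` in both branches bypasses that check, so the list the page returns still carries one unvalidated entry; wrapping it the same way, `if (filter_var($mailc['rcpt'], FILTER_VALIDATE_EMAIL)) { ... }`, or a one-line comment stating why the stored rcpt is trusted would keep the contract uniform. Separately, FILTER_VALIDATE_EMAIL without FILTER_FLAG_EMAIL_UNICODE rejects addresses with non-ASCII local parts, so such recipients silently vanish from the details view; if that is intended, a comment on addAddresses such as `// Drop anything that is not a syntactically valid (ASCII) address; rejected entries are not reported` would document it. The hash branch also has no visible counterpart to the `$mailc === false` guard added in the id branch, and how `$mailc` is populated there is outside this hunk, so it is worth confirming `$mailc['rcpt']` cannot be read from a failed lookup.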

+ 2 - 2
data/web/inc/functions.quarantine.inc.php

@@ -361,7 +361,7 @@ function quarantine($_action, $_data = null) {
           $stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
           $stmt->execute(array(':id' => $id));
           $row = $stmt->fetch(PDO::FETCH_ASSOC);
-          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
+          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin') {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'msg' => 'access_denied'
@@ -812,7 +812,7 @@ function quarantine($_action, $_data = null) {
       $stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE `id`= :id');
       $stmt->execute(array(':id' => $_data));
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
-      if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
+      if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) || $_SESSION['mailcow_cc_role'] == 'admin') {
         return $row;
       }
       logger(array('return' => array(
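Review bot: `$stmt->fetch()` returns `false` when no row matches the id and that is never checked, so `$row['rcpt']` is read from a boolean; with the new `|| $_SESSION['mailcow_cc_role'] == 'admin'` clause an admin then gets `false` returned as if it were the row, which the caller in qitem_details.php reports as "Access denied" rather than "not found". A guard before the access check, `if ($row === false) { return false; }`, separates the two cases (logging it the way this function logs denials would be consistent, but that code sits outside the hunk). The same unchecked fetch precedes the access test in the first hunk at `$row = $stmt->fetch(PDO::FETCH_ASSOC);`. The role comparisons would read more strictly as `!==` / `===`, though with string values the loose forms behave the same here.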