Mirrors
/
postfixadmin
mirror of https://github.com/postfixadmin/postfixadmin.git
3
0
Fork 0
Code Releases Activity
PostfixAdmin - web based virtual user administration interface for Postfix mail servers https://postfixadmin.github.io/postfixadmin/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2588 Commits
11 Branches
66 Tags
24 MiB
Tree: postfixadm
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'postfixadm'
${ noResults }
postfixadmin/edit-alias.php

167 lines
5.2 KiB
Raw Permalink Normal View History

Initial Import in SourceForge git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
update license headers git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@107 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
rename templates to .php instead of .tpl git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@250 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
update license headers git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@107 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
- merged edit-alias.php and admin/edit-alias.php - merged identical parts of GET and POST code git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@41 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
final set of refactoring patches (and the rest) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@71 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
- merged edit-alias.php and admin/edit-alias.php - merged identical parts of GET and POST code git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@41 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
final set of refactoring patches (and the rest) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@71 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
Initial Import in SourceForge git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
edit-alias.php: reindent and make the $CONF["alias_control_admin"] and $CONF["special_alias_control"] are respected (for domain admins) - global admins can do whatever they like... git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@610 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
Initial Import in SourceForge git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
edit-alias.php: reindent and make the $CONF["alias_control_admin"] and $CONF["special_alias_control"] are respected (for domain admins) - global admins can do whatever they like... git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@610 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
Initial Import in SourceForge git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
edit-alias.php: reindent and make the $CONF["alias_control_admin"] and $CONF["special_alias_control"] are respected (for domain admins) - global admins can do whatever they like... git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@610 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
Initial Import in SourceForge git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
- merged edit-alias.php and admin/edit-alias.php - merged identical parts of GET and POST code git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@41 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
fix possible XSS hole (security fix) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@253 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
rename templates to .php instead of .tpl git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@250 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
edit-alias.php: - correctly recognize empty input (first cleanup whitespace, then check). Before this fix, aliases with empty goto could be created by entering some spaces or newlines. https://sourceforge.net/tracker/index.php?func=detail&aid=1839061&group_id=191583&atid=937964 git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@248 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
Initial Import in SourceForge git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago
  1. <?php
  2. /**
  3. * Postfix Admin
  4. *
  5. * LICENSE
  6. * This source file is subject to the GPL license that is bundled with
  7. * this package in the file LICENSE.TXT.
  8. *
  9. * Further details on the project are available at :
  10. * http://www.postfixadmin.com or http://postfixadmin.sf.net
  11. *
  12. * @version $Id$
  13. * @license GNU GPL v2 or later.
  14. *
  15. * File: edit-alias.php
  16. * Used to update an alias.
  17. *
  18. * Template File: edit-alias.php
  19. *
  20. * Template Variables:
  21. *
  22. * tMessage
  23. * tGoto
  24. *
  25. * Form POST \ GET Variables:
  26. *
  27. * fAddress
  28. * fDomain
  29. * fGoto
  30. */
  32. require_once('common.php');
  34. authentication_require_role('admin');
  35. $SESSID_USERNAME = authentication_get_username();
  37. if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) {
  38. die("Check config.inc.php - domain administrators do not have the ability to edit user's aliases (alias_control_admin)");
  39. }
  41. if ($_SERVER['REQUEST_METHOD'] == "GET")
  42. {
  43. if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
  44. if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
  46. if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
  47. {
  48. $result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
  49. if ($result['rows'] == 1)
  50. {
  51. $row = db_array ($result['result']);
  52. $tGoto = $row['goto'];
  54. //. if we are not a global admin, and special_alias_control is NO, hide the alias that's the mailbox name.
  55. if($CONF['special_alias_control'] == 'NO' && !authentication_has_role('global-admin')) {
  56. /* Has a mailbox as well? Remove the address from $tGoto in order to edit just the real aliases */
  57. $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'");
  58. if ($result['rows'] == 1)
  59. {
  60. $tGoto = preg_replace ('/\s*,*\s*' . $fAddress . '\s*,*\s*/', '', $tGoto);
  61. }
  62. }
  63. }
  64. }
  65. else
  66. {
  67. $tMessage = $PALANG['pEdit_alias_address_error'];
  68. }
  69. }
  71. if ($_SERVER['REQUEST_METHOD'] == "POST")
  72. {
  73. $pEdit_alias_goto = $PALANG['pEdit_alias_goto'];
  75. if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
  76. $fAddress = strtolower ($fAddress);
  77. if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
  78. if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
  79. $fGoto = strtolower ($fGoto);
  81. if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
  82. {
  83. $error = 1;
  84. $tGoto = $_POST['fGoto'];
  85. $tMessage = $PALANG['pEdit_alias_domain_error'] . "$fDomain</span>";
  86. }
  87. elseif (!check_alias_owner ($SESSID_USERNAME, $fAddress))
  88. {
  89. $error = 1;
  90. $tGoto = $fGoto;
  91. $tMessage = $PALANG['pEdit_alias_result_error'];
  92. }
  94. $goto = preg_replace ('/\\\r\\\n/', ',', $fGoto);
  95. $goto = preg_replace ('/\r\n/', ',', $goto);
  96. $goto = preg_replace ('/[\s]+/i', '', $goto);
  97. $goto = preg_replace ('/,*$|^,*/', '', $goto);
  98. $goto = preg_replace ('/,,*/', ',', $goto);
  100. if (empty ($goto) && !authentication_has_role('global-admin'))
  101. {
  102. $error = 1;
  103. $tGoto = $_POST['fGoto'];
  104. $tMessage = $PALANG['pEdit_alias_goto_text_error1'];
  105. }
  107. if ($error != 1)
  108. {
  109. $array = preg_split ('/,/', $goto);
  110. }
  111. else
  112. {
  113. $array = array();
  114. }
  116. for ($i = 0; $i < sizeof ($array); $i++) {
  117. if (in_array ("$array[$i]", $CONF['default_aliases'])) continue;
  118. if (empty ($array[$i])) continue; # TODO: should never happen - remove after 2.2 release
  119. if (!check_email ($array[$i]))
  120. {
  121. $error = 1;
  122. $tGoto = $goto;
  123. $tMessage = $PALANG['pEdit_alias_goto_text_error2'] . "$array[$i]</span>";
  124. }
  125. }
  127. $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'");
  128. /* The alias has a real mailbox as well, prepend $goto with it */
  129. if ($result['rows'] == 1)
  130. {
  131. // ensure mailbox alias exists... if they're a domain admin, and they're not allowed to...
  132. if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) {
  133. $array[] = $fAddress;
  134. }
  135. }
  136. // duplicates suck, mmkay..
  137. $array = array_unique($array);
  139. $goto = implode(',', $array);
  141. if ($error != 1)
  142. {
  143. $goto = escape_string($goto);
  144. $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fAddress' AND domain='$fDomain'");
  145. if ($result['rows'] != 1)
  146. {
  147. $tMessage = $PALANG['pEdit_alias_result_error'];
  148. }
  149. else
  150. {
  151. db_log ($SESSID_USERNAME, $fDomain, 'edit_alias', "$fAddress -> $goto");
  153. header ("Location: list-virtual.php?domain=$fDomain");
  154. exit;
  155. }
  156. }
  157. }
  159. $fAddress = htmlentities($fAddress, ENT_QUOTES);
  160. $fDomain = htmlentities($fDomain, ENT_QUOTES);
  161. include ("templates/header.php");
  162. include ("templates/menu.php");
  163. include ("templates/edit-alias.php");
  164. include ("templates/footer.php");
  166. /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
  167. ?>