
Commit 6358cc0

committed
Extended path checks in mail_plugin.inc.php
1 parent ad84655 commit 6358cc0


1 file changed

+3
-3
lines changed


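--- a/server/plugins-available/mail_plugin.inc.php
+++ b/server/plugins-available/mail_plugin.inc.php
@@ -317,7 +317,7 @@ function user_delete($event_name,$data) {
 $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
 $old_maildir_path = escapeshellcmd($data['old']['maildir']);
-if($old_maildir_path != $mail_config['homedir_path'] && strlen($old_maildir_path) > strlen($mail_config['homedir_path']) && !stristr($old_maildir_path,'..') && !stristr($old_maildir_path,'*') && strlen($old_maildir_path) >= 10) {
+if($old_maildir_path != $mail_config['homedir_path'] && strlen($old_maildir_path) > strlen($mail_config['homedir_path']) && !stristr($old_maildir_path,'//') && !stristr($old_maildir_path,'..') && !stristr($old_maildir_path,'*') && strlen($old_maildir_path) >= 10) {
 exec('rm -rf '.escapeshellcmd($old_maildir_path));
 $app->log('Deleted the Maildir: '.$data['old']['maildir'],LOGLEVEL_DEBUG);
 } else {
@@ -334,7 +334,7 @@ function domain_delete($event_name,$data) {
 
 //* Delete maildomain path
 $old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/'.$data['old']['domain']);
-if($old_maildomain_path != $mail_config['homedir_path'] && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
+if($old_maildomain_path != $mail_config['homedir_path'] && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10 && !empty($data['old']['domain'])) {
 exec('rm -rf '.escapeshellcmd($old_maildomain_path));
 $app->log('Deleted the mail domain directory: '.$old_maildomain_path,LOGLEVEL_DEBUG);
 } else {
@@ -343,7 +343,7 @@ function domain_delete($event_name,$data) {
 
 //* Delete mailfilter path
 $old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/mailfilters/'.$data['old']['domain']);
-if($old_maildomain_path != $mail_config['homedir_path'].'/mailfilters/' && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
+if($old_maildomain_path != $mail_config['homedir_path'].'/mailfilters/' && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10 && !empty($data['old']['domain'])) {
 exec('rm -rf '.escapeshellcmd($old_maildomain_path));
 $app->log('Deleted the mail domain mailfilter directory: '.$old_maildomain_path,LOGLEVEL_DEBUG);
 } else {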
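Review bot: The guard in user_delete (new line 320) still never checks that the maildir lies under `$mail_config['homedir_path']`; it only requires the string to be longer and free of `//`, `..` and `*`, so any sufficiently long value of `$data['old']['maildir']` is handed to `rm -rf`. `escapeshellcmd()` escapes metacharacters but does not quote the value, so whitespace in a path still yields several `rm` arguments, and applying it twice (line 319 and again inside `exec`) can make the deleted path differ from the one that was checked. I would test the raw value for containment, for example `strpos($path, rtrim($mail_config['homedir_path'],'/').'/') === 0`, and quote it once at the call with `exec('rm -rf -- '.escapeshellarg($path));`. The same exec pattern appears in both domain_delete hunks (lines 338 and 347). Both functions start and end outside the hunks shown, so earlier validation of `$data['old']` cannot be ruled out from here.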
