Skip to content

Commit 01334f1

Browse files
LupulLupul
committed
Sec: Fix input validation in v-add-mail-account-forward
email_forward: Validate email_format, required arg added new 'email_forward' global validation format
1 parent a885684 commit 01334f1

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

bin/v-add-mail-account-forward

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ user=$1
1414
domain=$2
1515
domain_idn=$2
1616
account=$3
17-
forward=$4
17+
email_forward=$4
1818

1919
# Includes
2020
source $HESTIA/func/main.sh
@@ -31,7 +31,7 @@ format_domain_idn
3131
#----------------------------------------------------------#
3232

3333
check_args '4' "$#" 'USER DOMAIN ACCOUNT FORWARD'
34-
is_format_valid 'user' 'domain' 'account' 'forward'
34+
is_format_valid 'user' 'domain' 'account' 'email_forward'
3535
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
3636
is_object_valid 'user' 'USER' "$user"
3737
is_object_unsuspended 'user' 'USER' "$user"
@@ -40,8 +40,8 @@ is_object_unsuspended 'mail' 'DOMAIN' "$domain"
4040
is_object_valid "mail/$domain" 'ACCOUNT' "$account"
4141
is_object_unsuspended "mail/$domain" 'ACCOUNT' "$account"
4242
fwd=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$FWD')
43-
if [ ! -z "$(echo $fwd | grep -w $forward)" ]; then
44-
echo "Error: forward $forward exists"
43+
if [ ! -z "$(echo $fwd | grep -w "$email_forward")" ]; then
44+
echo "Error: forward $email_forward exists"
4545
log_event "$E_EXISTS $ARGUMENTS"
4646
exit $E_EXISTS
4747
fi
@@ -56,9 +56,9 @@ check_hestia_demo_mode
5656

5757
# Define fwd string
5858
if [ -z "$fwd" ]; then
59-
fwd="$forward"
59+
fwd="$email_forward"
6060
else
61-
fwd="$fwd,$forward"
61+
fwd="$fwd,$email_forward"
6262
fi
6363

6464
# Adding forward to exim
@@ -76,7 +76,7 @@ fi
7676
update_object_value "mail/$domain" 'ACCOUNT' "$account" '$FWD' "$fwd"
7777

7878
# Logging
79-
log_history "added forwarding from $account@$domain to $forward"
79+
log_history "added forwarding from $account@$domain to $email_forward"
8080
log_event "$OK" "$ARGUMENTS"
8181

8282
exit

func/main.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -870,6 +870,7 @@ is_format_valid() {
870870
domain) is_domain_format_valid "$arg" ;;
871871
dvalue) is_dns_record_format_valid "$arg";;
872872
email) is_email_format_valid "$arg" ;;
873+
email_forward) is_email_format_valid "$arg" ;;
873874
exp) is_date_format_valid "$arg" ;;
874875
extentions) is_common_format_valid "$arg" 'extentions' ;;
875876
fname) is_name_format_valid "$arg" "first name" ;;

0 commit comments

Comments
 (0)