From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001 From: ftimme <ft@falkotimme.com> Date: Sat, 08 Jun 2013 18:57:40 -0400 Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length. --- interface/web/mail/mail_user_edit.php | 20 ++++++++++++++------ 1 files changed, 14 insertions(+), 6 deletions(-) diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index 9fd3d5b..ca973c5 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php @@ -73,7 +73,8 @@ $email = $this->dataRecord["email"]; $email_parts = explode("@",$email); $app->tpl->setVar("email_local_part",$email_parts[0]); - + $email_parts[1] = $app->functions->idn_decode($email_parts[1]); + // Getting Domains of the user // $sql = "SELECT domain, server_id FROM mail_domain WHERE ".$app->tform->getAuthSQL('r').' ORDER BY domain'; $sql = "SELECT domain, server_id FROM mail_domain WHERE domain NOT IN (SELECT SUBSTR(source,2) FROM mail_forwarding WHERE type = 'aliasdomain') AND ".$app->tform->getAuthSQL('r')." ORDER BY domain"; @@ -81,6 +82,7 @@ $domain_select = ''; if(is_array($domains)) { foreach( $domains as $domain) { + $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':''; $domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n"; } @@ -115,6 +117,12 @@ $app->tpl->setVar("ar_active", ''); } + if($this->dataRecord['autoresponder_subject'] == '') { + $app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject')); + } else { + $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']); + } + $app->uses('getconf'); $mail_config = $app->getconf->get_global_config('mail'); if($mail_config["enable_custom_login"] == "y") { 
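Review bot: `$email_parts[1]` is read unguarded on the added `idn_decode` line in the hunk at -73, although the option loop a few lines further down still uses `@$email_parts[1]`, which suggests the index can be missing when the record has no address yet. I would guard it, `$email_parts[1] = isset($email_parts[1]) ? $app->functions->idn_decode($email_parts[1]) : '';`, so an empty or malformed `email` value neither raises a notice nor hands null to the decoder. The enclosing method starts and ends outside the hunk.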
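Review bot: The decoded domain in the hunk at -81 is interpolated straight into the `<option>` markup on the line after the added `idn_decode` call, both inside the single-quoted `value` attribute and as element text. Once decoded, the value is Unicode text taken from `mail_domain` rather than a punycode label, so it should be escaped for the HTML context before output: `$d = htmlspecialchars($domain['domain'], ENT_QUOTES, 'UTF-8');` followed by `$domain_select .= "<option value='$d' $selected>$d</option>\r\n";`. What `idn_decode` returns on failure is not visible here; if it can return false or an empty string, keep the stored value in that case so the option does not go blank.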
@@ -131,8 +139,8 @@ //* Check if Domain belongs to user if(isset($_POST["email_domain"])) { - $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r')); - if($domain["domain"] != $_POST["email_domain"]) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); + $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r')); + if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); } @@ -179,7 +187,7 @@ //* compose the email field if(isset($_POST["email_local_part"]) && isset($_POST["email_domain"])) { - $this->dataRecord["email"] = strtolower($_POST["email_local_part"]."@".$_POST["email_domain"]); + $this->dataRecord["email"] = strtolower($_POST["email_local_part"]."@".$app->functions->idn_encode($_POST["email_domain"])); // Set the server id of the mailbox = server ID of mail domain. $this->dataRecord["server_id"] = $domain["server_id"]; @@ -225,7 +233,7 @@ global $app, $conf; // Set the domain owner as mailbox owner - $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r')); + $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r')); $app->db->query("UPDATE mail_user SET sys_groupid = ".$domain["sys_groupid"]." WHERE mailuser_id = ".$this->id); // Spamfilter policy 
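Review bot: The ownership check in the hunk at -131 compares with loose `!=`, so when the lookup finds no row (`$domain["domain"]` is null) and `idn_encode` yields an empty string or false for the posted value, both sides compare equal and `no_domain_perm` is never set. What `idn_encode` returns for empty or unencodable input is not visible here, so this needs confirming. Encoding once and comparing strictly removes the doubt: `$email_domain = $app->functions->idn_encode($_POST["email_domain"]);` then `if(!is_array($domain) || $domain["domain"] !== $email_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");`. The same `idn_encode($_POST["email_domain"])` expression is repeated in the hunks at -179, -225 and -261, and a single normalised variable would keep the permission check and the stored address from diverging.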
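Review bot: The result of the re-encoded lookup in the hunk at -225 is used unchecked by the `UPDATE` that follows. If no `mail_domain` row matches, `$domain["sys_groupid"]` is null and the statement degenerates to `SET sys_groupid =  WHERE …`. This hunk, unlike the one at -261, does not test `isset($_POST["email_domain"])` first, and the group id is concatenated into the SQL without a cast. I would write `if(is_array($domain)) $app->db->query("UPDATE mail_user SET sys_groupid = ".intval($domain["sys_groupid"])." WHERE mailuser_id = ".intval($this->id));` here and in the hunk at -261. Both enclosing functions continue outside their hunks.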
@@ -261,7 +269,7 @@ // Set the domain owner as mailbox owner if(isset($_POST["email_domain"])) { - $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r')); + $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r')); $app->db->query("UPDATE mail_user SET sys_groupid = ".$domain["sys_groupid"]." WHERE mailuser_id = ".$this->id); // Spamfilter policy -- Gitblit v1.9.1