| | |
|---|
| | | $this->delete($event_name,$data); |
|---|
| | | |
|---|
| | | // Get the new config file path |
|---|
| | | $config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$data["new"]["source_server"].'_'.$data["new"]["source_username"].'.conf'); |
|---|
| | | $config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$this->_clean_path($data["new"]["source_server"]).'_'.$this->_clean_path($data["new"]["source_username"]).'.conf'); |
|---|
| | | if(stristr($config_file_path, "..") or stristr($config_file_path, "|") or stristr($config_file_path,";") or stristr($config_file_path,'$')) { |
|---|
| | | $app->log("Possibly faked path for getmail config file: '$config_file_path'. File is not written.",LOGLEVEL_ERROR); |
|---|
| | | return false; |
|---|
| | |
|---|
| | | $getmail_config = $app->getconf->get_server_config($conf["server_id"], 'getmail'); |
|---|
| | | $this->getmail_config_dir = $getmail_config["getmail_config_dir"]; |
|---|
| | | |
|---|
| | | $config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$data["old"]["source_server"].'_'.$data["old"]["source_username"].'.conf'); |
|---|
| | | $config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$this->_clean_path($data["old"]["source_server"]).'_'.$this->_clean_path($data["old"]["source_username"]).'.conf'); |
|---|
| | | if(stristr($config_file_path,"..") || stristr($config_file_path,"|") || stristr($config_file_path,";") || stristr($config_file_path,'$')) { |
|---|
| | | $app->log("Possibly faked path for getmail config file: '$config_file_path'. File is not written.",LOGLEVEL_ERROR); |
|---|
| | | return false; |
|---|
| | |
|---|
| | | if(is_file($config_file_path)) unlink($config_file_path); |
|---|
| | | } |
|---|
| | | |
|---|
| | | function _clean_path($input) { |
|---|
| | | return preg_replace('/[^A-Za-z0-9\-_]/', '_', $input); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | } // end class |
|---|
| | | |
|---|
