From b23de0117336ffca990136ad6d1a9122433dc0fc Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 05 Jun 2012 09:46:40 -0400
Subject: [PATCH] Fixed: FS#2243 - Phpmyadmin Setting [SERVERNAME] Regex Issue - Improved checks in mailbox delete function.

---
 server/plugins-available/mail_plugin.inc.php     |   10 +++++++---
 interface/web/admin/form/system_config.tform.php |    2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index f8e0fbb..6a24c8a 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -128,7 +128,7 @@
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
 			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
-														'regex' => '/^[0-9a-zA-Z\:\/\-\.]{0,255}$/',
+														'regex' => '/^[0-9a-zA-Z\:\/\-\.\[\]]{0,255}$/',
 														'errmsg'=> 'phpmyadmin_url_error_regex'),
 										),
 			'default'	=> '',
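Review bot: The widened character class on the `'regex'` line has no comment saying why `[` and `]` are now accepted, and it accepts them anywhere in the value rather than only as a placeholder token. Judging by the commit subject, the intent is to let a `[SERVERNAME]` placeholder in the phpMyAdmin URL pass validation. A comment above the validator such as `// brackets are allowed so that the [SERVERNAME] placeholder passes validation` would record that intent for later maintainers. The field definition starts and ends outside this hunk.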
diff --git a/server/plugins-available/mail_plugin.inc.php b/server/plugins-available/mail_plugin.inc.php
index 4c6912f..0437d6a 100644
--- a/server/plugins-available/mail_plugin.inc.php
+++ b/server/plugins-available/mail_plugin.inc.php
@@ -312,8 +312,12 @@
 	function user_delete($event_name,$data) {
 		global $app, $conf;
 		
+		// get the config
+		$app->uses("getconf");
+		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
+		
 		$old_maildir_path = escapeshellcmd($data['old']['maildir']);
-		if(!stristr($old_maildir_path,'..') && !stristr($old_maildir_path,'*') && strlen($old_maildir_path) >= 10) {
+		if($old_maildir_path != $mail_config['homedir_path'] && strlen($old_maildir_path) > strlen($mail_config['homedir_path']) && !stristr($old_maildir_path,'..') && !stristr($old_maildir_path,'*') && strlen($old_maildir_path) >= 10) {
 			exec('rm -rf '.escapeshellcmd($old_maildir_path));
 			$app->log('Deleted the Maildir: '.$data['old']['maildir'],LOGLEVEL_DEBUG);
 		} else {
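Review bot: The two added comparisons against `$mail_config['homedir_path']` in the `if` are plain string tests on an un-normalised path, so a stored maildir that is the mail home plus a trailing slash is both unequal to it and longer than it and still reaches `rm -rf`; nothing checks that the path lies below the mail home at all. Normalising both values with `rtrim(..., '/')` and requiring the maildir to start with the mail home followed by `/` closes that gap. The path also goes through `escapeshellcmd()` twice and is never quoted, so a path containing a space is split into several `rm` arguments. A single `escapeshellarg()` at the `exec()` call is the right tool, and the same applies to the `exec()` calls in the two later hunks of this file. `user_delete` continues past the end of this hunk.

```php
// … unchanged: global declaration and get_server_config() lookup …
$old_maildir_path = rtrim($data['old']['maildir'], '/');
$mail_home = rtrim($mail_config['homedir_path'], '/');
// only delete paths strictly below the configured mail home
if($mail_home != '' && strpos($old_maildir_path, $mail_home.'/') === 0 && !stristr($old_maildir_path,'..') && !stristr($old_maildir_path,'*') && strlen($old_maildir_path) >= 10) {
	exec('rm -rf '.escapeshellarg($old_maildir_path));
	// … unchanged: debug log and else branch …
```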
@@ -330,7 +334,7 @@
 		
 		//* Delete maildomain path
 		$old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/'.$data['old']['domain']);
-		if(!stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
+		if($old_maildomain_path != $mail_config['homedir_path'] && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
 			exec('rm -rf '.escapeshellcmd($old_maildomain_path));
 			$app->log('Deleted the mail domain directory: '.$old_maildomain_path,LOGLEVEL_DEBUG);
 		} else {
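Review bot: The added test `$old_maildomain_path != $mail_config['homedir_path']` is always true, because the path is built as the mail home plus `'/'` plus the domain and so can never equal the bare mail home. With an empty `$data['old']['domain']` the path is the mail home with a trailing slash, which passes this test and, unless the configured home already ends in a slash, the `//` test as well, and is then handed to `rm -rf`. Compare against the value including the separator, `$old_maildomain_path != $mail_config['homedir_path'].'/'`, as the mailfilter hunk below already does, or reject an empty domain outright with `$data['old']['domain'] != ''`. The enclosing function starts before this hunk, so where `$mail_config` is loaded is not visible here.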
@@ -339,7 +343,7 @@
 		
 		//* Delete mailfilter path
 		$old_maildomain_path = escapeshellcmd($mail_config['homedir_path'].'/mailfilters/'.$data['old']['domain']);
-		if(!stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
+		if($old_maildomain_path != $mail_config['homedir_path'].'/mailfilters/' && !stristr($old_maildomain_path,'//') && !stristr($old_maildomain_path,'..') && !stristr($old_maildomain_path,'*') && !stristr($old_maildomain_path,'&') && strlen($old_maildomain_path) >= 10) {
 			exec('rm -rf '.escapeshellcmd($old_maildomain_path));
 			$app->log('Deleted the mail domain mailfilter directory: '.$old_maildomain_path,LOGLEVEL_DEBUG);
 		} else {

--
Gitblit v1.9.1