maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

fix incorrect security check on mail-directories where various special-characters are allowed, fixes #1458

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2014-10-01 07:29:25 +02:00
parent cbab67a2fd
commit 480e3a8bfd
3 changed files with 30 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/jobs/cron_mailboxsize.php
View File

@@ -35,7 +35,9 @@ while ($maildir = $maildirs_stmt->fetch(PDO::FETCH_ASSOC)) {
if (file_exists($_maildir)
&& is_dir($_maildir)
) {
$back = safe_exec('du -sk ' . escapeshellarg($_maildir) . '');
// mail-adress allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part
$return = false;
$back = safe_exec('du -sk ' . escapeshellarg($_maildir), $return, array('|', '&', '`', '$', '~', '?'));
foreach ($back as $backrow) {
$emailusage = explode(' ', $backrow);
}