fixed security issue with #5

Synox 2016-12-19 23:31:13 +01:00
parent bfc5b76c71
commit 8d68dd4379


@ -114,17 +114,21 @@ function delete_mail($mailid, $username) {
error(400, 'invalid username');
}
$address = get_address($name, $config['mailHostname']);
$mail_ids = search_mails($address, $mailbox);
if (in_array($mailid, $mail_ids)) {
$mailbox->deleteMail($mailid);
$mailbox->expungeDeletedMails();
print(json_encode(array("success" => true)));
$mail = $mailbox->getMail($mailid);
if ($mail !== null) {
// imap_search also returns partials matches. The mails have to be filtered again:
if (array_key_exists($address, $mail->to) || array_key_exists($address, $mail->cc)) {
$mailbox->deleteMail($mailid);
$mailbox->expungeDeletedMails();
print(json_encode(array("success" => true)));
} else {
error(404, 'delete error: invalid username/mailid combination');
}
} else {
error(404, 'delete error: invalid username/mailid combination');
}
}
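Review bot: The ownership check now runs only after `$mailbox->getMail($mailid)` has fetched the whole message, so a request carrying a mail id that belongs to another address still causes a full fetch before it is rejected; if the library is php-imap, `getMail()` also marks the message as seen by default, and `getMail($mailid, false)` would avoid that side effect. `$mailid` is not visibly validated in this hunk (the function begins above it), so it is worth confirming that it is rejected or cast to an integer before the call. The `array_key_exists` test is an exact, case-sensitive key match, so it assumes `$address` and the keys of `$mail->to` / `$mail->cc` are normalised the same way, and a mailbox that received the message only as Bcc can no longer delete it. Any other caller that trusts the result of `search_mails()` for an access decision presumably needs the same exact-match filter, and the two identical `error(404, ...)` branches could be merged into one guard.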