]> git.datanom.net - qtadmin.git/blame - quarantine.php
Enhance security
[qtadmin.git] / quarantine.php
CommitLineData
6df4b805 1<?php
6b3d5ba9 2/* vim: set ts=4 tw=0 sw=4 noet: */
b95d1cdb
MR
3 require_once 'config.php';
4 require_once $CFG->root . 'lib/db_factory.php';
5 require_once $CFG->root . 'lib/utils.inc.php';
6df4b805 6
b95d1cdb 7 function error($error) {
3056d117 8 $util = new Utils;
b95d1cdb
MR
9 $util->setHeading("Error");
10 echo $util->getHeader();
11 echo $util->getHeading();
12 echo "<p style=\"color: red;\">$error</p>";
13 echo '<a href="index.php">Return</a>';
14 echo $util->getFooter();
15 }
6df4b805 16
4e417241 17 function handleRequest($util, $request, $ids) {
6b8a5143
MR
18 global $CFG;
19
acaa44d2
MR
20 $query = array();
21 foreach ($ids as $id) {
22 $mail_id = urldecode($id);
23 $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
ebed9332 24
2b099ad2 25 if (is_object($mail) && true == $util->authorized($mail->recipient)) {
af31b70b
MR
26 $secret_id = $mail->secret_id;
27 $recipient = $mail->recipient;
acaa44d2 28
af31b70b
MR
29 if ($request == 'release') {
30 $amavisserver = $CFG->amavisd_db_host;
31 $policy_port = $CFG->amavis_policy_port;
32
33 $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
34 if (!$fp) {
35 error("$errstr ($errno)");
36 exit;
37 }
38 $out = "request=" . $request . "\r\n";
39 $out .= "mail_id=" . $mail_id . "\r\n";
40 $out .= "recipient=" . $recipient . "\r\n";
41 $out .= "secret_id=" . $secret_id . "\r\n\r\n";
42 fwrite($fp, $out);
43 $response = fread($fp, 8192);
44 fclose($fp);
45 $response = urldecode($response);
46 if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
47 error("Request to release failed [$out][$response]");
48 exit;
49 }
50 if ($matches[1] != '2.0.0') {
51 error($matches[2]);
52 exit;
53 }
54
55 $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
56 } else if ($request == 'delete') {
57 $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
58 } else {
59 error("Unknown operation [$request]");
acaa44d2
MR
60 exit;
61 }
acaa44d2 62 }
acaa44d2 63 }
ebed9332
MR
64
65 return $query;
acaa44d2
MR
66 }
67
3056d117 68 $util = new Utils;
b95d1cdb
MR
69 $loggedIn = $util->isLoggedIn();
70 $request = isset($_GET['op']) ? $_GET['op'] : '';
71 if ($loggedIn && isset($_GET['id'])) {
acaa44d2 72 $ids = explode(',', $_GET['id']);
4e417241 73 $query = handleRequest($util, $request, $ids);
b95d1cdb
MR
74 $success = $DB->update($query);
75 if (! $success) {
76 error("Message not released, contact administrator [$query]");
77 exit;
78 }
79 header('Location: index.php');
6df4b805 80 } else if ($loggedIn && $request == 'purge') {
b95d1cdb
MR
81 $marked = unserialize($_SESSION['marked']);
82 unset($_SESSION['marked']);
83 $query = array();
84 $error = array();
85 foreach ($marked as $mail_id) {
af31b70b 86 $mail = $DB->getMail($mail_id);
2b099ad2 87 if (is_object($mail) && true == $util->authorized($mail->recipient)) {
af31b70b
MR
88 $query[] = "delete from msgs where mail_id = '$mail_id'";
89 $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
90 $query[] = "delete from quarantine where mail_id = '$mail_id'";
91 $success = $DB->update($query);
92 if (! $success) {
93 $error[] = $mail_id;
94 }
b95d1cdb
MR
95 }
96 }
97 if (count($error) > 0) {
98 $str = implode(', ', $error);
99 error("The following messages was not purged [$str], contact administrator");
100 exit;
101 }
102 header('Location: index.php');
103 } else if ($loggedIn) {
104 header('Location: index.php');
6df4b805
MR
105 } else {
106 header('Location: auth.php');
107 }
108
109?>
110
This page took 0.126084 seconds and 5 git commands to generate.