Branch 'ticket/3335' - lib/api
Daniel Hoffend
hoffend at kolabsys.com
Wed Feb 18 20:46:26 CET 2015
lib/api/kolab_api_service_form_value.php | 93 ++++++++++++++++++++++++-------
1 file changed, 74 insertions(+), 19 deletions(-)
New commits:
commit d45ceadf3e8ed70f839579d98dbc1a95ee6f6f0c
Author: Daniel Hoffend <dh at dotlan.net>
Date: Wed Feb 18 20:46:18 2015 +0100
add validate_cn_sharedfolder + validate_kolabtargetfolder_sharedfolder
diff --git a/lib/api/kolab_api_service_form_value.php b/lib/api/kolab_api_service_form_value.php
index 3f40310..2dd9aa9 100644
--- a/lib/api/kolab_api_service_form_value.php
+++ b/lib/api/kolab_api_service_form_value.php
@@ -576,10 +576,27 @@ class kolab_api_service_form_value extends kolab_api_service
}
}
+ // no cn given then return empty
+ if (!trim($postdata['cn'])) {
+ return '';
+ }
+
+ // determine the @emaildomain part
+ $email_domain = '';
+ $at_index = strrpos($postdata['mail'], "@");
+ if (!(is_bool($at_index) && !$at_index)) {
+ $email_domain = substr($postdata['mail'], $at_index+1);
+ }
+
+ // if no email is set or domain isn't valid return empty
+ if (!$email_domain || !in_array($email_domain, $this->_get_valid_domains())) {
+ return '';
+ }
+
$cn = $postdata['cn'];
$imap_hierarchysep = '/';
- return $cn ? 'shared' . $imap_hierarchysep . $cn . '@' . $_SESSION['user']->get_domain() : '';
+ return $cn ? 'shared' . $imap_hierarchysep . $cn . '@' . $email_domain : '';
}
}
@@ -1316,6 +1333,32 @@ class kolab_api_service_form_value extends kolab_api_service
return 'OK';
}
+ private function validate_cn_sharedfolder($value, $postdata = array(), $validation_type = null)
+ {
+ if (preg_match('/["\']/',$value)) {
+ throw new Exception("Folder name contains invalid characters: \" ']");
+ }
+
+ return 'OK';
+ }
+
+ private function validate_kolabtargetfolder_sharedfolder($value, $postdata = array(), $validation_type = null)
+ {
+ if (preg_match('/["\'\+]/',$value)) {
+ throw new Exception("Target IMAP Folder contains invalid characters \" ' +");
+ }
+
+ $domains = $this->_get_valid_domains();
+ if (!preg_match('#^shared/[^"\'\\+]+@('.implode("|",$domains).')$#',$value)) {
+ throw new Exception("Target IMAP Folder has to match the following format: 'shared/foldername at mydomain.org'"&& folderpart == cn (other));
+ }
+
+ // TODO: check for duplicate shared folder
+ // same kolabTargetFolder && type = 'mail || type != mail && folderpart == cn (other)
+
+ return 'OK';
+ }
+
private function _list_options_members($postdata, $attribs = array())
{
// return specified records only, by exact DN attributes
@@ -1566,32 +1609,22 @@ class kolab_api_service_form_value extends kolab_api_service
return $valid;
}
- private function _validate_email_address_in_any_of_my_domains($mail_address)
+ private function _get_valid_domains($my_primary_domain = null)
{
- $at_index = strrpos($mail_address, "@");
- if (is_bool($at_index) && !$at_index) {
- throw new Exception("Invalid email address: No domain name space", 235);
- } else {
- $email_domain = substr($mail_address, $at_index+1);
- }
-
- $my_primary_domain = $_SESSION['user']->get_domain();
-
- if ($email_domain == $my_primary_domain) {
- return true;
- }
+ $my_primary_domain = $my_primary_domain !== null
+ ? $my_primary_domain
+ : $_SESSION['user']->get_domain();
$auth = Auth::get_instance();
$conf = Conf::get_instance();
$all_domains = $auth->list_domains();
$all_domains = $all_domains['list'];
- $valid_domains = array();
$dna = $conf->get('domain_name_attribute');
- $valid = false;
- Log::trace("_validate_email_address_in_any_of_mydomains(\$mail_address = " . var_export($mail_address, TRUE) . ")");
- Log::trace("\$all_domains includes: " . var_export($all_domains, TRUE) . " (must include domain for \$mail_address)");
+ Log::trace("__get_valid_domains( " . $my_primary_domain . ")");
+ Log::trace("\$all_domains includes: " . var_export($all_domains, TRUE) . " (must include domain for \$my_primary_domain)");
+ $valid_domains = array();
foreach ($all_domains as $domain_id => $domain_attrs) {
if (!is_array($domain_attrs[$dna])) {
$domain_attrs[$dna] = (array)($domain_attrs[$dna]);
@@ -1602,7 +1635,29 @@ class kolab_api_service_form_value extends kolab_api_service
}
}
- if (in_array($email_domain, $valid_domains)) {
+ return $valid_domains;
+ }
+
+ private function _validate_email_address_in_any_of_my_domains($mail_address)
+ {
+ $at_index = strrpos($mail_address, "@");
+ if (is_bool($at_index) && !$at_index) {
+ throw new Exception("Invalid email address: No domain name space", 235);
+ } else {
+ $email_domain = substr($mail_address, $at_index+1);
+ }
+
+ $my_primary_domain = $_SESSION['user']->get_domain();
+
+ if ($email_domain == $my_primary_domain) {
+ Log::trace("Found email address to be in one of my domains.");
+ return true;
+ }
+
+ $valid = false;
+ Log::trace("_validate_email_address_in_any_of_mydomains(\$mail_address = " . var_export($mail_address, TRUE) . ")");
+
+ if (in_array($email_domain, $this->_get_valid_domains())) {
$valid = true;
}
More information about the commits
mailing list