Validation for manual alias editing

sendmail/CHANGELOG

@@ -47,3 +47,5 @@ When flushing selected queued quarantined messages, the -qQ flag is added so tha
 ---- Changes since 1.490 ----
 If multiple alias files are defined, one can be selected when adding a new alias.
 Autoreply messages starting with <html> or <body> will now be sent using the text/html MIME type.
+---- Changes since 1.510 ----
+Added validation when manually editing the aliases and other map files.

sendmail/edit_file.cgi

@@ -61,16 +61,13 @@ open(FILE, $file);
 @lines = <FILE>;
 close(FILE);
 
-print "<b>",&text('file_desc', "<tt>$file</tt>"),"</b><p>\n";
+print &text('file_desc', "<tt>$file</tt>"),"<p>\n";
 
-print "<form action=save_file.cgi method=post enctype=multipart/form-data>\n";
-print "<input type=hidden name=mode value=\"$in{'mode'}\">\n";
-print "<input type=hidden name=idx value=\"$in{'idx'}\">\n";
-print "<textarea name=text rows=20 cols=80>",
-	join("", @lines),"</textarea><p>\n";
-print "<input type=submit value=\"$text{'save'}\"> ",
-      "<input type=reset value=\"$text{'file_undo'}\">\n";
-print "</form>\n";
+print &ui_form_start("save_file.cgi", "form-data");
+print &ui_hidden("mode", $in{'mode'});
+print &ui_hidden("idx", $in{'idx'});
+print &ui_textarea("text", join("", @lines), 20, 80);
+print &ui_form_end([ [ undef, $text{'save'} ] ]);
 
 &ui_print_footer($return, $rmsg);
 

sendmail/lang/en

@@ -602,6 +602,8 @@ file_eaccess=You are not allowed to edit the spam control file.
 file_ecannot=You are not allowed to edit this file
 file_emode=Unknown mode!
 file_err=Failed to edit file
+file_ealias=Invalid format for aliases file line : $1
+file_etab=Invalid format for map file line : $1
 
 acl_opts=Can edit sendmail options?
 acl_ports=Can edit network ports?

sendmail/save_file.cgi

@@ -17,6 +17,7 @@ if ($in{'mode'} eq 'aliases') {
 	    $access{'amax'} == 0 && $access{'apath'} eq '/' ||
 	    &error($text{'file_ealiases'});
 	$log = "alias";
+	$fmt = "alias";
 	}
 elsif ($in{'mode'} eq 'virtusers') {
 	require './virtusers-lib.pl';
@@ -28,6 +29,7 @@ elsif ($in{'mode'} eq 'virtusers') {
 	    $access{'vedit_2'} && $access{'vmax'} == 0 ||
 	    &error($text{'file_evirtusers'});
 	$log = "virtuser";
+	$fmt = "tab";
 	}
 elsif ($in{'mode'} eq 'mailers') {
 	require './mailers-lib.pl';
@@ -37,6 +39,7 @@ elsif ($in{'mode'} eq 'mailers') {
 	$post = "$config{'makemap_path'} $mdbmtype $mdbm <$file";
 	$access{'mailers'} || &error($text{'file_emailers'});
 	$log = "mailer";
+	$fmt = "tab";
 	}
 elsif ($in{'mode'} eq 'generics') {
 	require './generics-lib.pl';
@@ -46,6 +49,7 @@ elsif ($in{'mode'} eq 'generics') {
 	$post = "$config{'makemap_path'} $gdbmtype $gdbm <$file";
 	$access{'omode'} == 1 || &error($text{'file_egenerics'});
 	$log = "generic";
+	$fmt = "tab";
 	}
 elsif ($in{'mode'} eq 'domains') {
 	require './domain-lib.pl';
@@ -55,6 +59,7 @@ elsif ($in{'mode'} eq 'domains') {
 	$post = "$config{'makemap_path'} $ddbmtype $ddbm <$file";
 	$access{'domains'} || &error($text{'file_edomains'});
 	$log = "domain";
+	$fmt = "tab";
 	}
 elsif ($in{'mode'} eq 'access') {
 	require './access-lib.pl';
@@ -64,10 +69,29 @@ elsif ($in{'mode'} eq 'access') {
 	$post = "$config{'makemap_path'} $adbmtype $adbm <$file";
 	$access{'access'} || &error($text{'file_eaccess'});
 	$log = "access";
+	$fmt = "tab";
 	}
 else { &error($text{'file_emode'}); }
 
+# Validate format
 $in{'text'} =~ s/\r//g;
+@lines = split(/\n+/, $in{'text'});
+foreach my $l (@lines) {
+	$l =~ s/#.*$//;
+	next if ($l !~ /\S/);
+	if ($fmt eq "alias") {
+		$l =~ /^\s*(\S+):\s*(\S.*)$/ ||
+			&error(&text('file_ealias',
+				     "<tt>".&html_escape($l)."</tt>"));
+		}
+	elsif ($fmt eq "tab") {
+		$l =~ /^\s*(\S+)\s+(\S.*)$/ ||
+			&error(&text('file_etab',
+				     "<tt>".&html_escape($l)."</tt>"));
+		}
+	}
+
+# Write out the file
 &open_lock_tempfile(FILE, ">$file");
 &print_tempfile(FILE, $in{'text'});
 &close_tempfile(FILE);