diff --git a/sendmail/CHANGELOG b/sendmail/CHANGELOG
index 60081e2f8..cc1d648fd 100644
--- a/sendmail/CHANGELOG
+++ b/sendmail/CHANGELOG
@@ -47,3 +47,5 @@ When flushing selected queued quarantined messages, the -qQ flag is added so tha
 ---- Changes since 1.490 ----
 If multiple alias files are defined, one can be selected when adding a new alias.
 Autoreply messages starting with or will now be sent using the text/html MIME type.
+---- Changes since 1.510 ----
+Added validation when manually editing the aliases and other map files.
diff --git a/sendmail/edit_file.cgi b/sendmail/edit_file.cgi
index b7b179a47..260b918c5 100755
--- a/sendmail/edit_file.cgi
+++ b/sendmail/edit_file.cgi
@@ -61,16 +61,13 @@ open(FILE, $file); @lines = ; close(FILE);
-print "",&text('file_desc', "$file"),"

\n"; +print &text('file_desc', "$file"),"

\n"; -print "

\n"; -print "\n"; -print "\n"; -print "

\n"; -print " ", - "\n"; -print "

\n";
+print &ui_form_start("save_file.cgi", "form-data");
+print &ui_hidden("mode", $in{'mode'});
+print &ui_hidden("idx", $in{'idx'});
+print &ui_textarea("text", join("", @lines), 20, 80);
+print &ui_form_end([ [ undef, $text{'save'} ] ]);
 &ui_print_footer($return, $rmsg);
diff --git a/sendmail/lang/en b/sendmail/lang/en
index bf387c9e8..ab031ada3 100644
--- a/sendmail/lang/en
+++ b/sendmail/lang/en
@@ -602,6 +602,8 @@ file_eaccess=You are not allowed to edit the spam control file.
 file_ecannot=You are not allowed to edit this file
 file_emode=Unknown mode!
 file_err=Failed to edit file
+file_ealias=Invalid format for aliases file line : $1
+file_etab=Invalid format for map file line : $1
 acl_opts=Can edit sendmail options?
 acl_ports=Can edit network ports?
diff --git a/sendmail/save_file.cgi b/sendmail/save_file.cgi
index 631172265..20b9717ba 100755
--- a/sendmail/save_file.cgi
+++ b/sendmail/save_file.cgi
@@ -17,6 +17,7 @@ if ($in{'mode'} eq 'aliases') {
 $access{'amax'} == 0 && $access{'apath'} eq '/' ||
 &error($text{'file_ealiases'});
 $log = "alias";
+ $fmt = "alias";
 }
 elsif ($in{'mode'} eq 'virtusers') {
 require './virtusers-lib.pl';
@@ -28,6 +29,7 @@ elsif ($in{'mode'} eq 'virtusers') {
 $access{'vedit_2'} && $access{'vmax'} == 0 ||
 &error($text{'file_evirtusers'});
 $log = "virtuser";
+ $fmt = "tab";
 }
 elsif ($in{'mode'} eq 'mailers') {
 require './mailers-lib.pl';
@@ -37,6 +39,7 @@ elsif ($in{'mode'} eq 'mailers') {
 $post = "$config{'makemap_path'} $mdbmtype $mdbm <$file";
 $access{'mailers'} || &error($text{'file_emailers'});
 $log = "mailer";
+ $fmt = "tab";
 }
 elsif ($in{'mode'} eq 'generics') {
 require './generics-lib.pl';
@@ -46,6 +49,7 @@ elsif ($in{'mode'} eq 'generics') {
 $post = "$config{'makemap_path'} $gdbmtype $gdbm <$file";
 $access{'omode'} == 1 || &error($text{'file_egenerics'});
 $log = "generic";
+ $fmt = "tab";
 }
 elsif ($in{'mode'} eq 'domains') {
 require './domain-lib.pl';
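Review bot: In the edit_file.cgi hunk the file path is passed into `&text('file_desc', "$file")` with no visible `&html_escape`, while the same commit escapes the echoed line in save_file.cgi. `$file` is assigned outside this hunk and presumably comes from the sendmail configuration rather than from the request, so this is hardening rather than a known injection; any markup around `$file` inside the string was lost in this rendering. Encoding it at output, `&text('file_desc', &html_escape($file))`, keeps a path containing `<` or `&` from being read as markup.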
@@ -55,6 +59,7 @@ elsif ($in{'mode'} eq 'domains') {
 $post = "$config{'makemap_path'} $ddbmtype $ddbm <$file";
 $access{'domains'} || &error($text{'file_edomains'});
 $log = "domain";
+ $fmt = "tab";
 }
 elsif ($in{'mode'} eq 'access') {
 require './access-lib.pl';
@@ -64,10 +69,29 @@ elsif ($in{'mode'} eq 'access') {
 $post = "$config{'makemap_path'} $adbmtype $adbm <$file";
 $access{'access'} || &error($text{'file_eaccess'});
 $log = "access";
+ $fmt = "tab";
 }
 else { &error($text{'file_emode'}); }
+# Validate format
 $in{'text'} =~ s/\r//g;
+@lines = split(/\n+/, $in{'text'});
+foreach my $l (@lines) {
+ $l =~ s/#.*$//;
+ next if ($l !~ /\S/);
+ if ($fmt eq "alias") {
+ $l =~ /^\s*(\S+):\s*(\S.*)$/ ||
+ &error(&text('file_ealias',
+ "".&html_escape($l).""));
+ }
+ elsif ($fmt eq "tab") {
+ $l =~ /^\s*(\S+)\s+(\S.*)$/ ||
+ &error(&text('file_etab',
+ "".&html_escape($l).""));
+ }
+ }
+
+# Write out the file
 &open_lock_tempfile(FILE, ">$file");
 &print_tempfile(FILE, $in{'text'});
 &close_tempfile(FILE);
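Review bot: The alias branch of the new `foreach` loop will reject valid continuation lines. In the sendmail aliases format a line that begins with whitespace continues the previous entry, yet here it is tested against `/^\s*(\S+):\s*(\S.*)$/` like a fresh entry and fails with `file_ealias`. Skipping such lines before the format test keeps multi-line aliases saveable, for example `next if ($fmt eq "alias" && $l =~ /^\s/);` placed right after the blank-line check. Separately, `split(/\n+/, ...)` drops blank lines, so the error can only quote the comment-stripped line and cannot report its line number. The if/elsif chain that sets `$fmt` begins outside this hunk.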