* [Issue #1159] Remove any +tag name in email alias before checking privileges * Move priprivileged email check after the conversion to unicode so only IDNA serves as input
This commit is contained in:
parent
78f2fe213e
commit
19a928e4ec
|
@ -435,9 +435,11 @@ def add_mail_alias(address, forwards_to, permitted_senders, env, update_if_exist
|
||||||
email = email.strip()
|
email = email.strip()
|
||||||
if email == "": continue
|
if email == "": continue
|
||||||
email = sanitize_idn_email_address(email) # Unicode => IDNA
|
email = sanitize_idn_email_address(email) # Unicode => IDNA
|
||||||
|
# Strip any +tag from email alias and check privileges
|
||||||
|
privileged_email = re.sub(r"(?=\+)[^@]*(?=@)",'',email)
|
||||||
if not validate_email(email):
|
if not validate_email(email):
|
||||||
return ("Invalid receiver email address (%s)." % email, 400)
|
return ("Invalid receiver email address (%s)." % email, 400)
|
||||||
if is_dcv_source and not is_dcv_address(email) and "admin" not in get_mail_user_privileges(email, env, empty_on_error=True):
|
if is_dcv_source and not is_dcv_address(email) and "admin" not in get_mail_user_privileges(privileged_email, env, empty_on_error=True):
|
||||||
# Make domain control validation hijacking a little harder to mess up by
|
# Make domain control validation hijacking a little harder to mess up by
|
||||||
# requiring aliases for email addresses typically used in DCV to forward
|
# requiring aliases for email addresses typically used in DCV to forward
|
||||||
# only to accounts that are administrators on this system.
|
# only to accounts that are administrators on this system.
|
||||||
|
|
Loading…
Reference in New Issue