Merge branch 'release/1.2.5'

mailwatch · Aug 21, 2017 · b5ac806 · b5ac806
2 parents 1f5a656 + 01f8489
commit b5ac806
Show file tree

Hide file tree

Showing 43 changed files with 2,663 additions and 1,976 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,21 @@
+1.2.5
+-----------
+Improvements
+- Support for multiple virus scanners and multiple top viruses (#874)
+- Add detection of MySQL or MariaDB in upgrade process (#873)
+- Prevents Mail Queue summary from duplicating mail count when local server is defined in RPC list (#904, #905)
+- Enhance upgrade.php with check for conf.php syntax and MailScanner.conf existence
+- Better UI on tables and graphs
+- Improved translations
+
+Fixes
+- Fixes issue when sanitization causes ampersand to be html-ified (#882)
+- Fix mailwatch-sendmail-relay init script (#881)
+- Fix code for php 5.3 compatibility (#889)
+- Fix path to mtalogprocessor file in senmail_relay (#912)
+- Remove on update/default value for timestamp in maillog table (#915)
+- Permit up to 20 chars in first part of Postfix msgid (#652)
+
 1.2.4
 -----------
 Improvements

diff --git a/create.sql b/create.sql
@@ -88,7 +88,7 @@ CREATE TABLE IF NOT EXISTS `inq` (
 
 CREATE TABLE IF NOT EXISTS `maillog` (
  `maillog_id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
- `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `timestamp` timestamp NOT NULL,
  `id` mediumtext COLLATE utf8_unicode_ci,
  `size` bigint(20) DEFAULT '0',
  `from_address` mediumtext COLLATE utf8_unicode_ci,

diff --git a/mailscanner/bayes_info.php b/mailscanner/bayes_info.php
@@ -47,7 +47,7 @@
  $return = 0;
  if (isset($_POST['clear'])) {
  if (!is_file(SA_DIR . 'sa-learn')) {
- echo '<div style="font-size: 10pt; font-weight: 700; text-align: center; color: red; ">' . "\n";
+ echo '<div class="error center">' . "\n";
  echo '<br>' . __('cannotfind18') . ' ' . SA_DIR . 'sa-learn';
  echo '</div>' . "\n";
  } else {
@@ -56,7 +56,7 @@
  if ($return === 0) {
  audit_log(__('auditlogwipe18', true));
  } else {
- echo '<div style="font-size: 10pt; font-weight: 700; text-align: center; color: red; ">' . "\n";
+ echo '<div class="error center">' . "\n";
  echo '<br>' . __('error18') . ' ' . $return;
  echo '</div>' . "\n";
  }
@@ -139,7 +139,7 @@
 // Clear button
 if ($_SESSION['user_type'] === 'A') {
  echo '<br>' . "\n";
- echo '<div style="text-align: center; ">' . "\n";
+ echo '<div class="center">' . "\n";
  echo '<form method="post" action="bayes_info.php" onsubmit="return confirm(\'' . __('clearmessage18') . '\');" >' . "\n";
  echo '<input type="submit" value="' . __('cleardbbayes18') . '">' . "\n";
  echo '<input type="hidden" name="clear" value="true">' . "\n";

diff --git a/mailscanner/checklogin.php b/mailscanner/checklogin.php
@@ -161,7 +161,7 @@
  $redirect_url = $_SESSION['REQUEST_URI'];
  unset($_SESSION['REQUEST_URI']);
  }
- header('Location: ' . sanitizeInput($redirect_url));
+ header('Location: ' . str_replace('&amp;', '&', sanitizeInput($redirect_url)));
 } else {
  header('Location: login.php?error=baduser');
 }

diff --git a/mailscanner/conf.php.example b/mailscanner/conf.php.example
@@ -37,16 +37,17 @@ define('LANG', 'en');
 
 // Optional: If USER_SELECTABLE_LANG is defined and the value contains more than one language then the user gets a dropdown 
 // in the gui to change the language of his browser. The selectable languages are defined as a comma separated list.
-//define('USER_SELECTABLE_LANG', 'de,en,fr,it,nl,pt_br');
+define('USER_SELECTABLE_LANG', 'de,en,fr,it,nl,pt_br');
 
 // Session Handling - conflicts can exist when the your environment makes use of multiple php sessions on the same server
 // to resolve this, uncomment the following option. See https://github.com/mailwatch/MailWatch/issues/730 for more info
+// A valid session name may consists of digits, letters A to Z (both upper and lower case), comma and dash
 //define('SESSION_NAME', 'MailWatch');
 
 // Session Timeout - Sets the global session timeout value, default is 600 sec (10 minutes) if not defined
 // Range is 0 to 99999 seconds. Setting to 0 will disable session timeout and active session statuses.
 // This can also be set individually per user in the MailWatch GUI for greater flexibility.
-//define('SESSION_TIMEOUT', 600);
+define('SESSION_TIMEOUT', 600);
 
 // Database settings
 //
@@ -70,7 +71,6 @@ define('LDAP_PORT', '389');
 define('LDAP_DN', 'DC=example,DC=com');
 define('LDAP_USER', 'LDAPProxy@example.com'); // If no email set: cn=admin,dc=example,dc=com
 define('LDAP_PASS', 'secret');
-define('LDAP_SITE', 'default');
 define('LDAP_FILTER', 'mail=%s'); //%s will be replaced by username eg. 'mail=%', 'mail=SMTP:%s', 'sAMAccountName=%s'
 define('LDAP_PROTOCOL_VERSION', 3);
 // can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
@@ -106,7 +106,7 @@ define('MS_CONFIG_DIR', '/etc/MailScanner/');
 define('MS_SHARE_DIR', '/usr/share/MailScanner/'); // Path for ConfigDefs.pl file
 define('MS_LIB_DIR', '/usr/lib/MailScanner/'); // Path for sophos-wrapper file
 define('MS_EXECUTABLE_PATH', '/usr/sbin/MailScanner');
-define('IMAGES_DIR', './images/'); // Trailing slash needed
+define('IMAGES_DIR', '/images/'); // Both leading and trailing slash needed
 define('SA_DIR', '/usr/bin/');
 define('SA_RULES_DIR', '/usr/share/spamassassin/');
 define('SA_PREFS', MS_CONFIG_DIR . 'spamassassin.conf'); // spam.assassin.prefs.conf in V4, spamassassin.conf in V5
@@ -156,6 +156,7 @@ define('MAILWATCH_MAIL_PORT', '25');
 //define('MAILWATCH_SMTP_HOSTNAME', gethostname());
 // Change with a fully qualified email address
 define('MAILWATCH_FROM_ADDR', 'postmaster@domain.tld');
+// Don't add trailing slash
 define('MAILWATCH_HOSTURL', 'http://' . rtrim(gethostname()) . '/mailscanner');
 
 /* Quarantine settings */

diff --git a/mailscanner/database.php b/mailscanner/database.php
@@ -59,7 +59,8 @@ public static function connect($host = '', $username = '', $password = '', $data
  }
  self::$link->set_charset($charset);
  } catch (Exception $e) {
- $output = '
+ if (PHP_SAPI !== 'cli') {
+ $output = '
 <style>
 .db-error {
  width: 40%;
@@ -80,8 +81,11 @@ public static function connect($host = '', $username = '', $password = '', $data
 }
 </style>
  <div class="db-error">';
- $output .= __('dbconnecterror99');
- $output .= '</div>';
+ $output .= __('dbconnecterror99');
+ $output .= '</div>';
+ } else {
+ $output = __('dbconnecterror99_plain') . PHP_EOL;
+ }
  die($output);
  }
  }

diff --git a/mailscanner/detail.php b/mailscanner/detail.php
@@ -387,7 +387,7 @@
  // Release
  if (isset($_POST['release'])) {
  // Send to the original recipient(s) or to an alternate address
- if (deepSanitizeInput($_POST['alt_recpt_yn'], 'url') === 'y') {
+ if (isset($_POST['alt_recpt_yn']) && deepSanitizeInput($_POST['alt_recpt_yn'], 'url') === 'y') {
  $to = deepSanitizeInput($_POST['alt_recpt'], 'string');
  if (!validateInput($to, 'user')) {
  die(__('error04') . ' ' . $to);

diff --git a/mailscanner/do_message_ops.php b/mailscanner/do_message_ops.php
@@ -89,9 +89,9 @@
  echo '<td><a href="detail.php?token=' . $_SESSION['token'] . '&amp;id=' . $id . '">' . $id . '</a></td>';
  echo '<td>' . $type . '</td>';
  if (empty($items)) {
- echo '<td style="color: #ff0000;">' . __('diemnf21') . '</td>' . "\n";
+ echo '<td class="error">' . __('diemnf21') . '</td>' . "\n";
  } elseif (is_string($items)) {
- echo '<td style="color: #ff0000;">' . $items . '</td>' . "\n";
+ echo '<td class="error">' . $items . '</td>' . "\n";
  } else {
  if (count($items) > 0) {
  $num = 0;
@@ -127,7 +127,7 @@
  echo '<tr><td colspan="3">' . __('diemnf21') . '</td></tr>' . "\n";
 }
 echo ' </table>' . "\n";
-echo '<p style="text-align:center"><a href="javascript:history.back(1)">' . __('back21') . '</a></p><br>' . "\n";
+echo '<p class="center"><a href="javascript:history.back(1)">' . __('back21') . '</a></p><br>' . "\n";
 
 //Add footer
 html_end();

diff --git a/mailscanner/f-prot_status.php b/mailscanner/f-prot_status.php
@@ -49,8 +49,8 @@
  </tr>
 </table>';
 
-// Add footer
+ // Add footer
  html_end();
-// Close any open db connections
+ // Close any open db connections
  dbclose();
 }
diff --git a/mailscanner/f-secure_status.php b/mailscanner/f-secure_status.php
@@ -48,8 +48,8 @@
  </tr>
 </table>';
 
-// Add footer
+ // Add footer
  html_end();
-// Close any open db connections
+ // Close any open db connections
  dbclose();
 }
diff --git a/mailscanner/filter.inc.php b/mailscanner/filter.inc.php
@@ -296,7 +296,7 @@ public function DisplayForm()
  $return .= '<tr><td><input type="text" size="50" name="save_as"></td><td align="right"><button type="submit" name="action" value="save">' . __('save09') . '</button></td></tr>' . "\n";
  $return .= '<tr><td>' . "\n";
  $return .= $this->ListSaved();
- $return .= '</td><td style="white-space: nowrap; text-align:right;"><button type="submit" name="action" value="load">' . __('load09') . '</button>&nbsp;<button type="submit" name="action" value="save">' . __('save09') . '</button>&nbsp;<button type="submit" name="action" value="delete">' . __('delete09') . '</button></td></tr>' . "\n";
+ $return .= '</td><td class="filterbuttons"><button type="submit" name="action" value="load">' . __('load09') . '</button>&nbsp;<button type="submit" name="action" value="save">' . __('save09') . '</button>&nbsp;<button type="submit" name="action" value="delete">' . __('delete09') . '</button></td></tr>' . "\n";
  $return .= '</table>' . "\n";
  $return .= '<input type="hidden" name="token" value="' . $_SESSION['token'] . '">' . "\n";
  $return .= '<input type="hidden" name="formtoken" value="' . generateFormToken('/filter.inc.php form token') . '">' . "\n";