From d5d4d6c33711ad81c91b923ebdf8e755e70ab4f8 Mon Sep 17 00:00:00 2001 From: hoellen Date: Fri, 4 Jan 2019 18:01:46 +0100 Subject: [PATCH 1/2] harden email address validation and fix routes with user_email --- core/admin/mailu/internal/views/dovecot.py | 10 +++++----- core/admin/mailu/ui/forms.py | 2 +- core/admin/mailu/ui/views/fetches.py | 4 ++-- core/admin/mailu/ui/views/managers.py | 2 +- core/admin/mailu/ui/views/tokens.py | 4 ++-- core/admin/mailu/ui/views/users.py | 12 ++++++------ 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/core/admin/mailu/internal/views/dovecot.py b/core/admin/mailu/internal/views/dovecot.py index 463ecc20..f44f59bc 100644 --- a/core/admin/mailu/internal/views/dovecot.py +++ b/core/admin/mailu/internal/views/dovecot.py @@ -6,7 +6,7 @@ import flask import socket import os -@internal.route("/dovecot/passdb/") +@internal.route("/dovecot/passdb/") def dovecot_passdb_dict(user_email): user = models.User.query.get(user_email) or flask.abort(404) allow_nets = [] @@ -20,7 +20,7 @@ def dovecot_passdb_dict(user_email): }) -@internal.route("/dovecot/userdb/") +@internal.route("/dovecot/userdb/") def dovecot_userdb_dict(user_email): user = models.User.query.get(user_email) or flask.abort(404) return flask.jsonify({ @@ -28,7 +28,7 @@ def dovecot_userdb_dict(user_email): }) -@internal.route("/dovecot/quota//", methods=["POST"]) +@internal.route("/dovecot/quota//", methods=["POST"]) def dovecot_quota(ns, user_email): user = models.User.query.get(user_email) or flask.abort(404) if ns == "storage": @@ -37,12 +37,12 @@ def dovecot_quota(ns, user_email): return flask.jsonify(None) -@internal.route("/dovecot/sieve/name/