Commit 64d4ad62 authored by Claudemir Todo Bom's avatar Claudemir Todo Bom

* validate captcha on junkrelease / execute junkrelease system command

parent 897bc924
Pipeline #171 passed with stage
in 1 minute and 28 seconds
......@@ -17,17 +17,54 @@ $htmlfoot="
</body>
</html>";
$htmlrecaptchabutton='
<p>Para confirmar a liberação da mensagem, clique no botão abaixo:</p>
<form id="junkreleaseForm" action="/wwmail/junkrelease.php'.$_SERVER["PATH_INFO"].'" method="post">
<script>function submitCallback(v) { document.getElementById("junkreleaseForm").submit(); };</script>
<input type="hidden" name="messageID" value="%s"><input type="hidden" name="ts" value="%s"><input type="hidden" name="hash" value="%s">
<button
class="g-recaptcha"
data-sitekey="%s"
data-callback="submitCallback">Confirmar Liberação</button>
</form>
';
$config = parse_ini_string(file_read_without_comments("/etc/default/wwmail"));
$pathinfo = get_pathinfo();
echo $htmlhead;
if ($config["WW_RECAPTCHA_SITE"] && $config["WW_RECAPTCHA_SECRET"]) {
echo "<script src='https://www.google.com/recaptcha/api.js'></script>";
echo "<script src='wwmail.js'></script>";
}
echo "<h2>Liberação de Quarentena</h2>";
if ($pathinfo) {
$command = 'sudo -u mail /usr/local/bin/junkrelease.sh ' . $pathinfo[0] . ' ' . $pathinfo[1] . '';
echo '<pre>' . $command . '</pre>';
if ($config["WW_RECAPTCHA_SITE"] && $config["WW_RECAPTCHA_SECRET"] && !$_REQUEST["g-recaptcha-response"]) {
printf($htmlrecaptchabutton,$_REQUEST["messageID"], $_REQUEST["ts"] , $_REQUEST["hash"], $config["WW_RECAPTCHA_SITE"]);
} else {
$valid = TRUE;
if ($config["WW_RECAPTCHA_SITE"] && $config["WW_RECAPTCHA_SECRET"]) {
$valid = FALSE;
$validatecaptcha = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$config["WW_RECAPTCHA_SECRET"]."&response=".$_REQUEST["g-recaptcha-response"]."&remoteip=".$_SERVER['REMOTE_ADDR']),TRUE);
$valid = $validatecaptcha["success"];
}
if ($valid) {
echo "<p>Liberação solicitada, verifique sua caixa de entrada.</p>";
$command = 'sudo -u mail /usr/local/bin/junkrelease.sh ' . $pathinfo[0] . ' ' . $pathinfo[1] . '';
echo "<p>Autorizando o envio:</p>";
exec($command,$response);
echo "<pre>".htmlspecialchars(implode("\n",$response))."</pre>";
} else {
echo "\n<b>Verificação falhou</b>\n";
}
}
} else {
echo "<p>Parâmetros incorretos</p>";
}
echo $htmlfoot;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment