mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2026-07-05 10:28:00 +02:00
Fix critical webmail bugs: XSS, SSRF, install ordering, and UI issues
Security fixes:
- Escape plain text body to prevent XSS via trustAsHtml
- Add SSRF protection to image proxy (block private IPs, require auth)
- Sanitize Content-Disposition filename to prevent header injection
- Escape Sieve script values to prevent script injection
- Escape IMAP search query to prevent search injection

Install/upgrade fixes:
- Move setupWebmail() call to after Dovecot is installed (was running before doveadm existed, silently failing on every fresh install)
- Make setupWebmail() a static method callable from install.py
- Fix upgrade idempotency: always run dovecot.conf patching and migrations even if webmail.conf already exists (partial failure recovery)

Frontend fixes:
- Fix search being a no-op (was ignoring results and just reloading)
- Fix loading spinner stuck forever on API errors (add errback)
- Fix unread count decrementing on already-read messages
- Fix draft auto-save timer leak when navigating away from compose
- Fix composeToContact missing signature and auto-save
- Fix null subject crash in reply/forward
- Clear stale data when switching accounts
- Fix attachment part_id mismatch between parser and downloader

Backend fixes:
- Fix Sieve _read_response infinite loop on connection drop
- Add login check to apiSaveDraft
@@ -2880,11 +2880,13 @@ def main():
|
||||
checks.install_postfix_dovecot()
|
||||
checks.setup_email_Passwords(installCyberPanel.InstallCyberPanel.mysqlPassword, mysql)
|
||||
checks.setup_postfix_dovecot_config(mysql)
|
||||
installCyberPanel.InstallCyberPanel.setupWebmail()
|
||||
else:
|
||||
if args.postfix == 'ON':
|
||||
checks.install_postfix_dovecot()
|
||||
checks.setup_email_Passwords(installCyberPanel.InstallCyberPanel.mysqlPassword, mysql)
|
||||
checks.setup_postfix_dovecot_config(mysql)
|
||||
installCyberPanel.InstallCyberPanel.setupWebmail()
|
||||
|
||||
checks.install_unzip()
|
||||
checks.install_zip()
|
||||
|
||||
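Review bot: The result of setupWebmail() is not checked at either call site (the line after each checks.setup_postfix_dovecot_config(mysql)), so the installer still continues straight to checks.install_unzip() if webmail setup fails for any reason other than the ordering problem the commit message describes. Consider having setupWebmail() report success or failure and logging or aborting on failure here, so a broken webmail configuration is visible at install time. The same four-call sequence now appears verbatim in both branches; moving it into one helper would keep the "Dovecot first, then webmail" ordering in a single place and prevent the two copies from drifting apart.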