public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-12-24 23:31:34 +00:00
Code Issues Releases Wiki Activity

Add validation for User-Agent in DEV_MODE bypass

Browse Source 
Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-12-12 16:12:37 +00:00
parent 89b4676641
commit 88376566f9
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/web/inc/sessions.inc.php
View File

@@ -134,12 +134,13 @@ if (isset($_POST["logout"])) {
// Check session // Check session
function session_check() { function session_check() {
global $DEV_MODE; global $DEV_MODE;
if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) { if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
return true; return true;
} }
if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) { if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
// In development mode, allow User-Agent changes (e.g., for responsive testing in dev tools) // In development mode, allow User-Agent changes (e.g., for responsive testing in dev tools)
if ($DEV_MODE && isset($_SESSION['SESS_REMOTE_UA'])) { if ($DEV_MODE && isset($_SESSION['SESS_REMOTE_UA']) && !empty($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) < 500) {
$_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT']; $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
return true; return true;
} }