[Exchange] Filter out illegal characters
IvanSchulz committed Oct 29, 2024
1 parent 30706f3 commit 96637d1
Showing 6 changed files with 104 additions and 79 deletions.
13 changes: 13 additions & 0 deletions SolidCP/Sources/SolidCP.WebPortal/Code/PortalAntiXSS.cs
Expand Up @@ -31,6 +31,7 @@
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

using System;
using System.Text.RegularExpressions;
//using System.Collections.Generic;
//using System.Linq;
using System.Web;
Expand All @@ -44,6 +45,18 @@ namespace SolidCP.Portal
{
public class PortalAntiXSS
{
public static string CheckExchangeRecipientName(string input)
{
Regex pattern = new Regex("['\"]");
return pattern.Replace(input, "");
}

public static string CheckExchangeDomainName(string input)
{
Regex pattern = new Regex(@"[~!@#$%^&*()\+=\{\}\[\]\\:"";'<>,.?/]");
return pattern.Replace(input, "");
}

public static string Encode(string input)
{
return Encoder.HtmlEncode(input);
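Review bot: The character class in `CheckExchangeDomainName` contains `.`, so a value such as `example.com` (constructed sample) comes back as `examplecom`; `CreateMailbox` passes the part after `@` through this function, and if that result is what goes on to create the mailbox the address will be wrong. Drop `.` from the class, or better, validate the domain against an allow-list pattern and reject the request instead of rewriting it. Both helpers also throw `ArgumentNullException` from `Regex.Replace` when `input` is null and build a new `Regex` on every call; a null guard and a `static readonly Regex` field would cover both. Neither method has a doc comment: something like `/// Removes single and double quotes from an Exchange recipient name; this is not HTML encoding.` would keep callers from treating it as an XSS control because of the class name.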
Expand Up @@ -71,7 +71,7 @@
</asp:Label>
<div class="col-sm-4">
<div class="input-group">
<asp:TextBox ID="txtFirstName" runat="server" CssClass="form-control" onKeyUp="buildDisplayName();" placeholder="First Name"></asp:TextBox>
<asp:TextBox ID="txtFirstName" runat="server" CssClass="form-control" onKeyUp="buildDisplayName();" placeholder="First Name" MaxLength="64"></asp:TextBox>
<span class="input-group-addon" title="Required"><i class="fa fa-asterisk" aria-hidden="true"></i></span>
</div>
</div>
Expand All @@ -80,7 +80,7 @@
</div>
<div class="col-sm-4">
<div class="input-group">
<asp:TextBox ID="txtLastName" runat="server" CssClass="form-control" onKeyUp="buildDisplayName();" placeholder="Last Name"></asp:TextBox>
<asp:TextBox ID="txtLastName" runat="server" CssClass="form-control" onKeyUp="buildDisplayName();" placeholder="Last Name" MaxLength="64"></asp:TextBox>
<span class="input-group-addon" title="Required"><i class="fa fa-asterisk" aria-hidden="true"></i></span>
</div>
</div>
Expand All @@ -91,7 +91,7 @@
</asp:Label>
<div class="col-sm-10">
<div class="input-group">
<asp:TextBox ID="txtDisplayName" runat="server" CssClass="form-control"></asp:TextBox>
<asp:TextBox ID="txtDisplayName" runat="server" CssClass="form-control" MaxLength="64"></asp:TextBox>
<span class="input-group-addon" title="Required"><i class="fa fa-asterisk" aria-hidden="true"></i></span>
</div>
<asp:RequiredFieldValidator ID="valRequireDisplayName" runat="server" meta:resourcekey="valRequireDisplayName" ControlToValidate="txtDisplayName"
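Review bot: `MaxLength="64"` on the three text boxes is only rendered as the HTML `maxlength` attribute, so the limit holds for typed input but not for a hand-built POST, and not for values assigned by script. `txtDisplayName` appears to be filled by `buildDisplayName()` from the first and last name, which can each be 64 characters. The code-behind lines shown in this commit trim and filter these fields but do not check their length. Add a server-side check, for example an `asp:RegularExpressionValidator` with `ValidationExpression="^[\s\S]{1,64}$"` next to the existing `valRequireDisplayName`, or a length test before the service call. The markup around these controls continues outside the visible lines.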
Expand Up @@ -150,17 +150,17 @@ private void CreateMailbox()

try
{
string name = IsNewUser ? email.AccountName : userSelector.GetPrimaryEmailAddress().Split('@')[0];
string displayName = IsNewUser ? txtDisplayName.Text.Trim() : userSelector.GetDisplayName();
string accountName = IsNewUser ? string.Empty : userSelector.GetAccount();
string name = PortalAntiXSS.CheckExchangeRecipientName(IsNewUser ? email.AccountName : userSelector.GetPrimaryEmailAddress().Split('@')[0]);
string displayName = PortalAntiXSS.CheckExchangeRecipientName(IsNewUser ? txtDisplayName.Text.Trim() : userSelector.GetDisplayName());
string accountName = PortalAntiXSS.CheckExchangeRecipientName(IsNewUser ? string.Empty : userSelector.GetAccount());

bool enableArchive = chkEnableArchiving.Checked;

ExchangeAccountType type = IsNewUser
? (ExchangeAccountType)Utils.ParseInt(rbMailboxType.SelectedValue, 1)
: ExchangeAccountType.Mailbox;

string domain = IsNewUser ? email.DomainName : userSelector.GetPrimaryEmailAddress().Split('@')[1];
string domain = PortalAntiXSS.CheckExchangeDomainName(IsNewUser ? email.DomainName : userSelector.GetPrimaryEmailAddress().Split('@')[1]);

int accountId = IsNewUser ? 0 : userSelector.GetAccountId();

Expand Down Expand Up @@ -223,6 +223,11 @@ private void SetUserAttributes(int accountId)
{
OrganizationUser user = ES.Services.Organizations.GetUserGeneralSettings(PanelRequest.ItemID, accountId);

txtDisplayName.Text = PortalAntiXSS.CheckExchangeRecipientName(txtDisplayName.Text.Trim());
txtFirstName.Text = PortalAntiXSS.CheckExchangeRecipientName(txtFirstName.Text.Trim());
txtInitials.Text = PortalAntiXSS.CheckExchangeRecipientName(txtInitials.Text.Trim());
txtLastName.Text = PortalAntiXSS.CheckExchangeRecipientName(txtLastName.Text.Trim());

ES.Services.Organizations.SetUserGeneralSettings(
PanelRequest.ItemID, accountId,
txtDisplayName.Text,
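Review bot: The filtering here rewrites values silently instead of rejecting them, and for an existing user it is applied to identifiers that are already stored: `userSelector.GetAccount()` and the local part of `GetPrimaryEmailAddress()`. If a stored value contains a quote, the filtered `accountName` or `name` no longer matches the record it was read from, and the user gets no indication that anything was changed. Prefer failing validation with a message for new input and passing stored identifiers through unchanged. The check also lives only in the portal code-behind; whether the `ES.Services` layer enforces the same restriction for other callers is not visible here and should be confirmed, since that is where the restriction has to hold. Both `CreateMailbox` and `SetUserAttributes` continue outside the displayed lines.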