From 856f0cccff15ef73e19d62c6be674679adcfbee3 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown <msb@stackaas.com>
Date: Thu, 25 Mar 2021 15:37:50 -0700
Subject: [PATCH] added permissions checks

---
 bin/roundcubemail-settings-export.php | 8 ++++++++
 bin/roundcubemail-settings-import.php | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/bin/roundcubemail-settings-export.php b/bin/roundcubemail-settings-export.php
index 52a921a..b7cc224 100755
--- a/bin/roundcubemail-settings-export.php
+++ b/bin/roundcubemail-settings-export.php
@@ -24,6 +24,14 @@ if (!is_writable("/var/vmail/$virtualhost")) {
 
 $roundcubemail = array();
 
+if (!is_readable('/usr/local/etc/vmail-db-info.conf')) {
+  $user = posix_getpwuid(posix_geteuid());
+  $username = $user['name'];
+  echo "/var/vmail/$virtualhost is not writable by this user ($username).\n";
+  echo "re-run this script as user vmail or root or another user that can read the /usr/local/etc/vmail-db-info.conf config file\n";
+  exit;
+}
+
 $dbHost = trim(`grep -m 1 host /usr/local/etc/vmail-db-info.conf |cut -d = -f 2|cut -d ' ' -f 2`);
 $dbDatabase = trim(`grep -m 1 database /usr/local/etc/vmail-db-info.conf |cut -d = -f 2|cut -d ' ' -f 2`);
 $dbUser = trim(`grep -m 1 user /usr/local/etc/vmail-db-info.conf |cut -d = -f 2|cut -d ' ' -f 2`);
diff --git a/bin/roundcubemail-settings-import.php b/bin/roundcubemail-settings-import.php
index d949043..77ecdf0 100755
--- a/bin/roundcubemail-settings-import.php
+++ b/bin/roundcubemail-settings-import.php
@@ -9,8 +9,8 @@ if ($virtualhost == "") {
   exit;
 }
 
-if (!is_file("/var/vmail/$virtualhost/roundcubemail")) {
-  echo "$virtualhost roundcubemail file does not exist\n";
+if (!is_readable("/var/vmail/$virtualhost/roundcubemail")) {
+  echo "$virtualhost roundcubemail file does not exist or is not readable by you\n";
   exit;
 }