diff --git a/hMailAdmin/hm_tlsreports.php b/hMailAdmin/hm_tlsreports.php
index b0a73d3..86c4458 100644
--- a/hMailAdmin/hm_tlsreports.php
+++ b/hMailAdmin/hm_tlsreports.php
@@ -7,7 +7,7 @@ if (empty($hmail_config['tlsreport_enable'])) exit('

' . Translate("TLS reports") . '

' . Translate("TLS reports are not enabled in config.php") . '

') . PHP_EOL;
-$folder = './logs/tls';
+$folder = './logs/tls/';
 function get_reports($folder) {
 global $hmail_config;
@@ -113,7 +113,7 @@ function save_json_attachment($inbox, $email_number, $part, $index, $folder) {
 /* Search directory for reports. */
-$new_report_count = get_reports();
+$new_report_count = get_reports($folder);
 $files = glob($folder . '*.json');
 $reports_count = count($files);
 if (!empty($files)) $reports = parse($files);
@@ -183,6 +183,7 @@ function parse($files){
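Review bot: In hm_tlsreports.php the new `$folder = './logs/tls/';` carries an unwritten rule that the value must end in a slash, because later code appends the file pattern directly (`glob($folder . '*.json')` in the next hunk). A comment such as `// Must end with '/': file names are appended to this path as-is.`, or normalising once with `$folder = rtrim($folder, '/') . '/';`, would keep a later edit from reintroducing the bug this change fixes. The path is also relative, so it appears to resolve to a directory under the admin web root; it is worth confirming that the web server refuses direct requests for the stored report files.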
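Review bot: In the second hm_tlsreports.php hunk, `glob()` can return `false` on error, and the unchanged line `$reports_count = count($files);` then throws a TypeError on PHP 8 (a warning on PHP 7.2 and later 7.x releases) instead of showing an empty report list. `$files = glob($folder . '*.json') ?: [];` keeps the count and the following `!empty($files)` test well defined. These statements are top-level script code that continues past the hunk.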

()

'.$report['domain'].' – '.$report['org'].' – '.date('Y-m-d', strtotime($report['date-range']['date-begin'])).'';
diff --git a/hMailAdmin/index.php b/hMailAdmin/index.php
index d6689aa..5e13dd4 100644
--- a/hMailAdmin/index.php
+++ b/hMailAdmin/index.php
@@ -5,7 +5,8 @@ header('X-Content-Type-Options: nosniff');
 header('X-Frame-Options: DENY');
 header('Content-Security-Policy: default-src \'none\'; script-src \'self\' \'unsafe-inline\'; connect-src \'self\'; img-src \'self\'; style-src \'self\' \'unsafe-inline\'; font-src \'self\' \'unsafe-inline\';');
-header('X-XSS-Protection: 1; mode=block');
+// https://github.com/OWASP/CheatSheetSeries/issues/376
+header('X-XSS-Protection: 0');
 if (!file_exists("config.php")) {
 echo "Please rename config-dist.php to config.php. The file is found in the hMailAdmin root folder.";
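Review bot: In the parse() hunk of hm_tlsreports.php, `$report['domain']` and `$report['org']` are concatenated into the page output without HTML escaping. The values are read from report JSON that, judging by `save_json_attachment()` in the earlier hunk header, arrives as e-mail attachments, so they are chosen by whoever sent the report. Each should go through `htmlspecialchars($report['org'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (likewise for `domain`) before it is placed in markup. The surrounding markup and the rest of parse() are not visible in this hunk, so other fields printed there deserve the same check.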
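Review bot: In index.php, with the browser XSS filter now switched off by `header('X-XSS-Protection: 0');`, the Content-Security-Policy on the unchanged line above becomes the only header-level XSS mitigation, and its `script-src 'self' 'unsafe-inline'` still permits injected inline script. Tightening that to nonces or hashes is a larger follow-up, but it should be tracked alongside this change. The new comment is only a URL; a stated reason would read better, for example `// Legacy XSS filter disabled on purpose: deprecated by modern browsers and can introduce client-side issues (OWASP CheatSheetSeries #376).`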