From a4e1c724be8729854c38c452a7bc248a3ee16f39 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 17 May 2020 16:14:08 +0200
Subject: Webmail: Fix allowed extensions for static resources.
$ find -L /usr/share/roundcube/{plugins,program/js,program/resources,skins} -xtype f -printf "%f\\n" \
| sed -r "s/^([^.]+)(.*)/\1\2\t\2/" | sort -k2 | uniq -c -f1
---
 roles/webmail/files/etc/nginx/sites-available/roundcube | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/webmail/files/etc/nginx/sites-available/roundcube b/roles/webmail/files/etc/nginx/sites-available/roundcube
index 7565b10..9763b31 100644
--- a/roles/webmail/files/etc/nginx/sites-available/roundcube
+++ b/roles/webmail/files/etc/nginx/sites-available/roundcube
@@ -58,7 +58,7 @@ server {
 fastcgi_pass unix:/var/run/php/php7.3-fpm@roundcube.sock;
 }
- location ~ "^/(?:plugins|program/js|program/resources|skins)/.*[^./]\.(?:css|eot|gif|html|ico|jpg|js|pdf|png|svg|tif|ttf|woff)$" {
+ location ~ "^/(?:plugins|program/js|program/resources|skins)(?:/[[:alnum:]][[:alnum:]\-\._]*)+\.(?:css|eot|gif|html|ico|jpg|js|pdf|png|svg|tiff?|ttf|woff2?)$" {
 try_files $uri =404;
 expires 30d;
 }
-- 
cgit v1.2.3
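Review bot: Nothing in the commit confirms that every shipped asset name fits the new per-segment allowlist `[[:alnum:]][[:alnum:]\-\._]*` in the `location` regex, because the `find` pipeline in the commit message inventories only extensions. A file or directory whose name contains any other character (for example `@` or `+`) or starts with `_` would now fall through this location and, presumably, no longer be served as a static resource; running a similar `find` that lists names not matching the segment pattern would settle that before deployment. The intent of the tighter pattern is also not recorded in the config, so a comment above the block such as `# every path segment must start with an alphanumeric: no dotfiles, no "." or ".." segments` would help keep a later edit from loosening it back to `.*`. The enclosing `server` block starts and ends outside the hunk, so whether another location can still serve files from these directories cannot be checked from here.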