user quarantine: use raw pmail for ticket assembly

Currently, the quarantine report does not work if the recipient has
some encodable characters in their local part - e.g.
'some&other@domain.example'

When clicking on the links on the report the user gets still logged
in, the ticket _is_ valid after all, however their quarantine list is
empty, as the API call to `/quarantine/spamusers` returns 403 due to
the (encoded) username from the ticket not matching the (by the API
decoded) one from the request quarantine.

With this patch the username, which is includes in the ticket,
remains 'some&other@domain.example' instead of the encoded
'some&other@domain.example', thus the access check user
comparission work with the correct value again and the listing works
as expected

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
 [ TL: commit message additions and rewordings ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PMG/CLI/pmgqm.pm b/src/PMG/CLI/pmgqm.pm
index 72935796b6d4a237a680bded426f8a871b547b42..987ddc9d8e0f98ed0a494d95758ba172ddba92e1 100755 (executable)
--- a/src/PMG/CLI/pmgqm.pm
+++ b/src/PMG/CLI/pmgqm.pm
@@ -316,7 +316,7 @@ __PACKAGE__->register_method ({
                $data->{pmail_raw} = $ref->{pmail};
                $data->{managehref} = "$protocol_fqdn_port/quarantine";
                if ($data->{authmode} ne 'ldap') {
-                   $data->{ticket} = PMG::Ticket::assemble_quarantine_ticket($data->{pmail});
+                   $data->{ticket} = PMG::Ticket::assemble_quarantine_ticket($data->{pmail_raw});
                    my $esc_ticket = uri_escape($data->{ticket});
                    $data->{managehref} .= "?ticket=${esc_ticket}";
                }