Merge #2900

2900: bugfix for gpg execution with roundcube (backport #2893) r=mergify[bot] a=mergify[bot]

This is an automatic backport of pull request #2893 done by [Mergify](https://mergify.com).


---


<details>
<summary>Mergify commands and options</summary>

<br />

More conditions and actions can be found in the [documentation](https://docs.mergify.com/).

You can also trigger Mergify actions by commenting on this pull request:

- ``@Mergifyio` refresh` will re-evaluate the rules
- ``@Mergifyio` rebase` will rebase this PR on its base branch
- ``@Mergifyio` update` will merge the base branch into this PR
- ``@Mergifyio` backport <destination>` will backport this PR on `<destination>` branch

Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can:

- look at your merge queues
- generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com
</details>

Co-authored-by: Helmuth Breitenfellner <helmuth@breitenfellner.at>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>

towncrier/newsfragments/2892.bugfix

@@ -0,0 +1 @@
+Fix GPG operations from Roundcube - calling gpg with full path was blocked

webmails/snuffleupagus.rules

@@ -73,7 +73,7 @@ sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)
 sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 # This is **very** broad but doing better is non-straightforward
-sp.disable_function.function("proc_open").param("command").value_r("^gpg ").allow();
+sp.disable_function.function("proc_open").param("command").value_r("^(/usr/bin/)?gpg ").allow();
 sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 
 # Prevent runtime modification of interesting things