mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
vacation.php:
- split off $fDomain from ?username= (admin mode) - basic sanity check for ?username= (admin mode) - urlencode $fDomain for $Return_url (admin mode) - don't split off domain from username in users mode (not needed) - added various TODO notes - some whitespace fixes near the end of the file (2*3 lines) list-virtual_mailbox.tpl - don't include domain in link to vacation.php (no longer needed) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1172 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
parent
0403a0a55a
commit
1033c950fa
@ -74,7 +74,7 @@
|
||||
{else}
|
||||
{assign var="v_active" value=$PALANG.pOverview_vacation_option}
|
||||
{/if}
|
||||
<td><a href="vacation.php?username={$item.username|escape:"url"}&domain={$fDomain|escape:"url"}">{$v_active}</a></td>
|
||||
<td><a href="vacation.php?username={$item.username|escape:"url"}">{$v_active}</a></td>
|
||||
{/if}
|
||||
{else}
|
||||
<td> </td>
|
||||
|
31
vacation.php
31
vacation.php
@ -38,25 +38,25 @@
|
||||
|
||||
require_once('common.php');
|
||||
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
$tmp = preg_split ('/@/', $SESSID_USERNAME);
|
||||
$USERID_DOMAIN = $tmp[1];
|
||||
|
||||
// only allow admins to change someone else's 'stuff'
|
||||
if(authentication_has_role('admin')) {
|
||||
$Admin_role = 1 ;
|
||||
$fUsername = safeget('username');
|
||||
list(/*NULL*/,$fDomain) = explode('@',$fUsername);
|
||||
$Return_url = "list-virtual.php?domain=" . urlencode($fDomain);
|
||||
|
||||
if (isset($_GET['username'])) $fUsername = escape_string ($_GET['username']);
|
||||
if (isset($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
|
||||
$Return_url = "list-virtual.php?domain=$fDomain";
|
||||
# TODO: better check for valid username (check if mailbox exists)
|
||||
# TODO: (should be done in VacationHandler)
|
||||
if ($fDomain == '' || !check_owner(authentication_get_username(), $fDomain)) {
|
||||
die("Invalid username!"); # TODO: better error message
|
||||
}
|
||||
}
|
||||
else {
|
||||
$Admin_role = 0 ;
|
||||
# $Return_url = "users/main.php";
|
||||
$Return_url = "main.php";
|
||||
authentication_require_role('user');
|
||||
$fUsername = $SESSID_USERNAME;
|
||||
$fDomain = $USERID_DOMAIN;
|
||||
$fUsername = authentication_get_username();
|
||||
}
|
||||
|
||||
// is vacation support enabled in $CONF ?
|
||||
@ -86,6 +86,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
|
||||
}
|
||||
|
||||
if($vh->check_vacation() and (!$Admin_role)) {
|
||||
# TODO: would also be useful for admins, but needs a text change to include the username
|
||||
flash_info($PALANG['pUsersVacation_welcome_text']);
|
||||
}
|
||||
|
||||
@ -141,14 +142,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
// If NO error then diplay flash message and go back to right url where we came from
|
||||
if($error == 0) {
|
||||
if(!empty ($fBack)) {
|
||||
flash_info(sprintf($PALANG['pVacation_result_removed'],$tUseremail));
|
||||
header ("Location: $Return_url");
|
||||
exit;
|
||||
flash_info(sprintf($PALANG['pVacation_result_removed'],htmlentities($tUseremail)));
|
||||
header ("Location: $Return_url");
|
||||
exit;
|
||||
}
|
||||
if(!empty($fChange)) {
|
||||
flash_info(sprintf($PALANG['pVacation_result_added'],$tUseremail));
|
||||
header ("Location: $Return_url");
|
||||
exit;
|
||||
flash_info(sprintf($PALANG['pVacation_result_added'],htmlentities($tUseremail)));
|
||||
header ("Location: $Return_url");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
Loading…
Reference in New Issue
Block a user