mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
list-virtual.php
- add in_array check to avoid that superadmins can enter invalid domains - the check_owner check is probably obsolete after this change. I left it in (with a clear message) until I'm 100% sure that it's really unneeded. - move sticky domain code below error checking - the session should only include valid domains ;-) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@779 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
parent
3922f6fece
commit
16036cfd4d
@ -62,12 +62,6 @@ else
|
||||
$search = escape_string(safepost('search'));
|
||||
}
|
||||
|
||||
// store fDomain in $_SESSION so after adding/editing aliases/mailboxes we can
|
||||
// take the user back to the appropriate domain listing. (see templates/menu.php)
|
||||
if($fDomain) {
|
||||
$_SESSION['list_virtual_sticky_domain'] = $fDomain;
|
||||
}
|
||||
|
||||
if (count($list_domains) == 0) {
|
||||
# die("no domains");
|
||||
flash_error( $PALANG['invalid_parameter'] );
|
||||
@ -77,13 +71,24 @@ if (count($list_domains) == 0) {
|
||||
|
||||
if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) if (empty ($fDomain)) $fDomain = $list_domains[0];
|
||||
|
||||
if (!check_owner(authentication_get_username(), $fDomain)) {
|
||||
# die($PALANG['invalid_parameter']);
|
||||
if(!in_array($fDomain, $list_domains)) {
|
||||
flash_error( $PALANG['invalid_parameter'] );
|
||||
header("Location: list-domain.php"); # invalid domain, or not owned by this admin
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!check_owner(authentication_get_username(), $fDomain)) {
|
||||
flash_error( $PALANG['invalid_parameter'] . " If you see this message, please open a bugreport"); # this check is most probably obsoleted by the in_array() check above
|
||||
header("Location: list-domain.php"); # domain not owned by this admin
|
||||
exit(0);
|
||||
}
|
||||
|
||||
// store fDomain in $_SESSION so after adding/editing aliases/mailboxes we can
|
||||
// take the user back to the appropriate domain listing. (see templates/menu.php)
|
||||
if($fDomain) {
|
||||
$_SESSION['list_virtual_sticky_domain'] = $fDomain;
|
||||
}
|
||||
|
||||
#
|
||||
# alias domain
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user