From 6d00833c7512eb67b51a300567ff0e40fb6ac7fb Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Sat, 17 Jul 2021 10:31:06 +0100
Subject: [PATCH] probable fix for https://github.com/postfixadmin/postfixadmin/issues/516 - admins can see all domains so no fDomain parameter etc
---
 public/viewlog.php | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/public/viewlog.php b/public/viewlog.php
index 3ef9c180..8ac99451 100644
--- a/public/viewlog.php
+++ b/public/viewlog.php
@@ -67,14 +67,24 @@ if ($error != 1) {
 $table_log = table_by_key('log');
 $page_size = isset($CONF['page_size']) ? intval($CONF['page_size']) : 35;
- $where_domain = $fDomain ? 'WHERE domain= :domain' : '';
+ $where = [];
+ $params = [];
+ if($fDomain) {
+ $where[] = 'domain = :domain' ;
+ $params['domain'] = $fDomain;
+ }
- $query = "SELECT timestamp,username,domain,action,data FROM $table_log $where_domain ORDER BY timestamp DESC LIMIT $page_size";
+ $where_sql = '';
+ if(!empty($where)) {
+ $where_sql = 'WHERE ' . implode(' AND ', $where);
+ }
+
+ $query = "SELECT timestamp,username,domain,action,data FROM $table_log $where_sql ORDER BY timestamp DESC LIMIT $page_size";
 if (db_pgsql()) {
- $query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log $where_domain ORDER BY timestamp DESC LIMIT $page_size";
+ $query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log $where_sql ORDER BY timestamp DESC LIMIT $page_size";
 }
- $result = db_query_all($query, array('domain' => $fDomain));
+ $result = db_query_all($query, $params);
 foreach ($result as $row) {
 if (is_array($row) && db_pgsql()) {
 $row['timestamp'] = gmstrftime('%c %Z', $row['timestamp']);
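Review bot: The new `if($fDomain)` guard fails open: when `$fDomain` is empty the WHERE clause is dropped and `db_query_all` returns log rows for every domain, and nothing in this hunk ties that unfiltered path to the caller being a global admin. The commit message says only admins are expected to arrive without a domain, but that depends on checks made before `if ($error != 1) {`, which begins outside the hunk, so it is worth confirming that a domain admin cannot reach this point with an empty value (PHP also treats the string `"0"` as false in this test). I would state the precondition where the filter is built, e.g. `// No domain filter = log rows for all domains; must only be reachable by a verified global admin.`, or make the branch explicit so that a non-admin without a domain gets an empty result rather than the full log.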