list-virtual.php

- add in_array check to avoid that superadmins can enter invalid domains
- the check_owner check is probably obsolete after this change. I left it
  in (with a clear message) until I'm 100% sure that it's really unneeded.
- move sticky domain code below error checking - the session should only
  include valid domains ;-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@779 a1433add-5e2c-0410-b055-b7f2511e0802
pull/2/head
Christian Boltz 15 years ago
parent 3922f6fece
commit 16036cfd4d

@ -62,12 +62,6 @@ else
$search = escape_string(safepost('search'));
}
// store fDomain in $_SESSION so after adding/editing aliases/mailboxes we can
// take the user back to the appropriate domain listing. (see templates/menu.php)
if($fDomain) {
$_SESSION['list_virtual_sticky_domain'] = $fDomain;
}
if (count($list_domains) == 0) {
# die("no domains");
flash_error( $PALANG['invalid_parameter'] );
@ -77,13 +71,24 @@ if (count($list_domains) == 0) {
if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) if (empty ($fDomain)) $fDomain = $list_domains[0];
if (!check_owner(authentication_get_username(), $fDomain)) {
# die($PALANG['invalid_parameter']);
if(!in_array($fDomain, $list_domains)) {
flash_error( $PALANG['invalid_parameter'] );
header("Location: list-domain.php"); # invalid domain, or not owned by this admin
exit;
}
if (!check_owner(authentication_get_username(), $fDomain)) {
flash_error( $PALANG['invalid_parameter'] . " If you see this message, please open a bugreport"); # this check is most probably obsoleted by the in_array() check above
header("Location: list-domain.php"); # domain not owned by this admin
exit(0);
}
// store fDomain in $_SESSION so after adding/editing aliases/mailboxes we can
// take the user back to the appropriate domain listing. (see templates/menu.php)
if($fDomain) {
$_SESSION['list_virtual_sticky_domain'] = $fDomain;
}
#
# alias domain
#

Loading…
Cancel
Save