ensure domain name is in a list of valid domain names; set for use within the template so the right one is selected if ?domain=XXX was in the url

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@110 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago · 3b38d12315
parent 4e4af1a099
commit 3b38d12315
1 changed files with 6 additions and 2 deletions
--- a/create-mailbox.php
+++ b/create-mailbox.php
@ -46,7 +46,7 @@ if(authentication_has_role('global-admin')) {
   $list_domains = list_domains ();
 }
 else {
-   $list_domains = list_domains_for_admin ($SESSID_USERNAME);
+   $list_domains = list_domains_for_admin($SESSID_USERNAME);
 }


@ -56,14 +56,18 @@ $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text'];

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
+   $fDomain = $list_domains[0];
   if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);

+   if(!in_array($fDomain, $list_domains)) {
+      die("Invalid domain name selected, or you tried to select a domain you are not an admin for");
+   }
+   $tDomain = $fDomain;
   $result = db_query ("SELECT * FROM $table_domain WHERE domain='$fDomain'");
   if ($result['rows'] == 1)
   {
      $row = db_array ($result['result']);
      $tQuota = $row['maxquota'];
-
   }
 }