ensure domain name is in a list of valid domain names; set for use within the template so the right one is selected if ?domain=XXX was in the url

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@110 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
David Goodwin 17 years ago
parent 4e4af1a099
commit 3b38d12315

@ -46,7 +46,7 @@ if(authentication_has_role('global-admin')) {
$list_domains = list_domains (); $list_domains = list_domains ();
} }
else { else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME); $list_domains = list_domains_for_admin($SESSID_USERNAME);
} }
@ -56,14 +56,18 @@ $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text'];
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
$fDomain = $list_domains[0];
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if(!in_array($fDomain, $list_domains)) {
die("Invalid domain name selected, or you tried to select a domain you are not an admin for");
}
$tDomain = $fDomain;
$result = db_query ("SELECT * FROM $table_domain WHERE domain='$fDomain'"); $result = db_query ("SELECT * FROM $table_domain WHERE domain='$fDomain'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
{ {
$row = db_array ($result['result']); $row = db_array ($result['result']);
$tQuota = $row['maxquota']; $tQuota = $row['maxquota'];
} }
} }
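Review bot: The new `if(!in_array($fDomain, $list_domains))` test is the authorization gate for the domain used in the query below it, but it compares loosely and is only visible in the GET branch. Passing the third argument, `in_array($fDomain, $list_domains, true)`, makes it an exact match, assuming both sides are strings. The default `$fDomain = $list_domains[0];` also assumes the admin has at least one domain. With an empty list it reads an undefined offset and then falls into the `die()` with a misleading "Invalid domain name selected" message, so an explicit empty-list check before it would be clearer. The POST branch of this script is outside the hunk; if it also takes the domain from the request, it presumably needs the same membership check.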
