From bb840239a5aa214b2b6525238c53943fc08c28ea Mon Sep 17 00:00:00 2001
From: David Goodwin <david@palepurple.co.uk>
Date: Mon, 15 Dec 2008 21:27:31 +0000
Subject: [PATCH] edit-domain.php: only allow valid transport definitions
 through

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@501 a1433add-5e2c-0410-b055-b7f2511e0802
---
 edit-domain.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/edit-domain.php b/edit-domain.php
index d168238f..2f7f5a76 100644
--- a/edit-domain.php
+++ b/edit-domain.php
@@ -69,7 +69,10 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
 
     $fTransport = $CONF['transport_default'];
     if($CONF['transport'] != 'NO' && isset ($_POST['fTransport'])) {
-        $fTransport = escape_string ($_POST['fTransport']);
+        $fTransport = escape_string($_POST['fTransport']);
+        if(!in_array($fTransport, $CONF['transport_options'])) {
+            die("Invalid transport option given; check config.inc.php");
+        }
     }
 
     if (isset ($_POST['fBackupmx'])) $fBackupmx = escape_string ($_POST['fBackupmx']);