- Add ACL check on parent folder

program/localization/en_US/messages.inc

@@ -150,5 +150,6 @@ $messages['folderupdated'] = 'Folder updated successfully.';
 $messages['foldercreated'] = 'Folder created successfully.';
 $messages['invalidimageformat'] = 'Not a valid image format.';
 $messages['mispellingsfound'] = 'Spelling errors detected in the message.';
+$messages['parentnotwritable'] = 'Unable to create/move folder into selected parent folder. No access rights.';
 
 ?>

program/steps/settings/edit_folder.inc

@@ -255,7 +255,7 @@ function rcmail_folder_form($attrib)
             $content = rcmail_get_form_part($tab);
         }
 
-        if ($content) {        
+        if ($content) {
             $out .= html::tag('fieldset', null, html::tag('legend', null, Q($tab['name'])) . $content) ."\n";
         }
     }

program/steps/settings/save_folder.inc

@@ -55,6 +55,16 @@ else {
     }
 }
 
+// Check access rights to the parent folder
+if (!$error && strlen($path)) {
+    $parent_opts = $RCMAIL->imap->mailbox_info($path);
+    if ($parent_opts['namespace'] != 'personal'
+        && (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts)))
+    ) {
+        $error = rcube_label('parentnotwritable');
+    }
+}
+
 if ($error) {
     $OUTPUT->command('display_message', $error, 'error');
 }