You've already forked postfixadmin
mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2025-08-09 05:02:44 +03:00
after an hour of debugging with Han on #postfixadmin...
functions.inc.php: - added error message if the check_owner query returns more than one result. This can happen with old databases (pre-2.3) where the domain_admins table contains "ALL" _and_ a domain for a superadmin - which results in the superadmin not able to edit mailboxes etc. for this domain. (Error message not translatable - this is a corner case.) list-virtual.php: - add "invalid parameter" error message before redirecting to list-domain if the user doesn't have permissions for a domain git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@778 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
@@ -734,6 +734,10 @@ function check_owner ($username, $domain)
|
||||
$result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND (domain='$domain' OR domain='ALL') AND active='1'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
if ($result['rows'] > 1) { # "ALL" + specific domain permissions. 2.3 doesn't create such entries, but they are available as leftover from older versions
|
||||
flash_error("Permission check returned more than one result. Please go to 'edit admin' for your username and press the save "
|
||||
. "button once to fix the database. If this doesn't help, open a bugreport.");
|
||||
}
|
||||
return false;
|
||||
}
|
||||
else
|
||||
|
@@ -70,6 +70,7 @@ if($fDomain) {
|
||||
|
||||
if (count($list_domains) == 0) {
|
||||
# die("no domains");
|
||||
flash_error( $PALANG['invalid_parameter'] );
|
||||
header("Location: list-domain.php"); # no domains (for this admin at least) - redirect to domain list
|
||||
exit;
|
||||
}
|
||||
@@ -78,6 +79,7 @@ if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) if (empty ($fDoma
|
||||
|
||||
if (!check_owner(authentication_get_username(), $fDomain)) {
|
||||
# die($PALANG['invalid_parameter']);
|
||||
flash_error( $PALANG['invalid_parameter'] );
|
||||
header("Location: list-domain.php"); # domain not owned by this admin
|
||||
exit(0);
|
||||
}
|
||||
|
Reference in New Issue
Block a user