githubFork/roundcubemail.git

Roundcubemail devel

parent: d9615118 | patch | commit | ignore whitespace

alecpl

2011-08-04 c6c99c89e68d43b705c702b4651cac81c78286d3

- Add ACL check on parent folder

3 files modified

	program/localization/en_US/messages.inc	1 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/edit_folder.inc	2 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/save_folder.inc	10 ●●●●● patch \| view \| raw \| blame \| history

 program/localization/en_US/messages.inc

@@ -150,5 +150,6 @@
$messages['foldercreated'] = 'Folder created successfully.';
$messages['invalidimageformat'] = 'Not a valid image format.';
$messages['mispellingsfound'] = 'Spelling errors detected in the message.';
$messages['parentnotwritable'] = 'Unable to create/move folder into selected parent folder. No access rights.';

?>

 program/steps/settings/edit_folder.inc

@@ -255,7 +255,7 @@
            $content = rcmail_get_form_part($tab);
        }

        if ($content) {        
        if ($content) {
            $out .= html::tag('fieldset', null, html::tag('legend', null, Q($tab['name'])) . $content) ."\n";
        }
    }

 program/steps/settings/save_folder.inc

@@ -55,6 +55,16 @@
    }
}

// Check access rights to the parent folder
if (!$error && strlen($path)) {
    $parent_opts = $RCMAIL->imap->mailbox_info($path);
    if ($parent_opts['namespace'] != 'personal'
        && (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts)))
    ) {
        $error = rcube_label('parentnotwritable');
    }
}

if ($error) {
    $OUTPUT->command('display_message', $error, 'error');
}

			@@ -150,5 +150,6 @@
			$messages['foldercreated'] = 'Folder created successfully.';
			$messages['invalidimageformat'] = 'Not a valid image format.';
			$messages['mispellingsfound'] = 'Spelling errors detected in the message.';
			$messages['parentnotwritable'] = 'Unable to create/move folder into selected parent folder. No access rights.';

			?>

			@@ -255,7 +255,7 @@
			$content = rcmail_get_form_part($tab);
			}

			if ($content) {
			if ($content) {
			$out .= html::tag('fieldset', null, html::tag('legend', null, Q($tab['name'])) . $content) ."\n";
			}
			}

			@@ -55,6 +55,16 @@
			}
			}

			// Check access rights to the parent folder
			if (!$error && strlen($path)) {
			$parent_opts = $RCMAIL->imap->mailbox_info($path);
			if ($parent_opts['namespace'] != 'personal'
			&& (empty($parent_opts['rights']) \|\| !preg_match('/[ck]/', implode($parent_opts)))
			) {
			$error = rcube_label('parentnotwritable');
			}
			}

			if ($error) {
			$OUTPUT->command('display_message', $error, 'error');
			}