From c6c99c89e68d43b705c702b4651cac81c78286d3 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Thu, 04 Aug 2011 05:01:36 -0400
Subject: [PATCH] - Add ACL check on parent folder
---
program/steps/settings/edit_folder.inc | 2 +-
program/localization/en_US/messages.inc | 1 +
program/steps/settings/save_folder.inc | 10 ++++++++++
3 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc
index f86ba54..3f7db87 100644
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@@ -150,5 +150,6 @@
$messages['foldercreated'] = 'Folder created successfully.';
$messages['invalidimageformat'] = 'Not a valid image format.';
$messages['mispellingsfound'] = 'Spelling errors detected in the message.';
+$messages['parentnotwritable'] = 'Unable to create/move folder into selected parent folder. No access rights.';
?>
diff --git a/program/steps/settings/edit_folder.inc b/program/steps/settings/edit_folder.inc
index fe9cdc0..740c05e 100644
--- a/program/steps/settings/edit_folder.inc
+++ b/program/steps/settings/edit_folder.inc
@@ -255,7 +255,7 @@
$content = rcmail_get_form_part($tab);
}
- if ($content) {
+ if ($content) {
$out .= html::tag('fieldset', null, html::tag('legend', null, Q($tab['name'])) . $content) ."\n";
}
}
diff --git a/program/steps/settings/save_folder.inc b/program/steps/settings/save_folder.inc
index 498829c..2f51562 100644
--- a/program/steps/settings/save_folder.inc
+++ b/program/steps/settings/save_folder.inc
@@ -55,6 +55,16 @@
}
}
+// Check access rights to the parent folder
+if (!$error && strlen($path)) {
+ $parent_opts = $RCMAIL->imap->mailbox_info($path);
+ if ($parent_opts['namespace'] != 'personal'
+ && (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts)))
+ ) {
+ $error = rcube_label('parentnotwritable');
+ }
+}
+
if ($error) {
$OUTPUT->command('display_message', $error, 'error');
}
--
Gitblit v1.9.1