From b9a3ef486ebcde18a5ade37865ff8f397185d24f Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sun, 24 Jul 2016 05:30:59 -0400
Subject: [PATCH] Fixed #3979 Mailbox users unable to save autoresponders

---
 interface/web/capp.php |   76 ++++++++++++++++++++------------------
 1 files changed, 40 insertions(+), 36 deletions(-)

diff --git a/interface/web/capp.php b/interface/web/capp.php
index 68dbda0..3939269 100644
--- a/interface/web/capp.php
+++ b/interface/web/capp.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -28,50 +28,54 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-require_once('../lib/config.inc.php');
-require_once('../lib/app.inc.php');
+require_once '../lib/config.inc.php';
+require_once '../lib/app.inc.php';
 
-// importiere Modul
+//* Import module variable
 $mod = $_REQUEST["mod"];
+//* If we click on a search result, load that one instead of the module's start page
+$redirect = (isset($_REQUEST["redirect"]) ? $_REQUEST["redirect"] : '');
 
-// Checke ob User eingeloggt
-if(!is_array($_SESSION["s"]["user"])) header("Location: index.php?phpsessid=".$_SESSION["s"]["id"]);
+//* Check if user is logged in
+if($_SESSION["s"]["user"]['active'] != 1) {
+	die("URL_REDIRECT: /index.php");
+	//die();
+}
 
-// checke ob User Modul verwenden darf
-$user_modules = explode(",",$_SESSION["s"]["user"]["modules"]);
+if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
+if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,9}$/i", $redirect)) die('redirect contains unallowed chars.');
 
-if(!in_array($mod,$user_modules)) $app->error($app->lng(301));
+//* Check if user may use the module.
+$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);
 
-// lade Moduldaten in Session
+if(!in_array($mod, $user_modules)) $app->error($app->lng(301));
+
+//* Load module configuration into the session.
 if(is_file($mod."/lib/module.conf.php")) {
-	include_once($mod."/lib/module.conf.php");
+	include_once $mod."/lib/module.conf.php";
+
+	$menu_dir = ISPC_WEB_PATH.'/' . $mod . '/lib/menu.d';
+
+	if (is_dir($menu_dir)) {
+		if ($dh = opendir($menu_dir)) {
+			//** Go through all files in the menu dir
+			while (($file = readdir($dh)) !== false) {
+				if ($file != '.' && $file != '..' && substr($file, -9, 9) == '.menu.php' && $file != 'dns_resync.menu.php') {
+					include_once $menu_dir . '/' . $file;
+				}
+			}
+		}
+	}
+
 	$_SESSION["s"]["module"] = $module;
+	session_write_close();
+	if($redirect == ''){
+		echo "HEADER_REDIRECT:".$_SESSION["s"]["module"]["startpage"];
+	} else {
+		//* If we click on a search result, load that one instead of the module's start page
+		echo "HEADER_REDIRECT:".$redirect;
+	}
 } else {
 	$app->error($app->lng(302));
 }
-
 ?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title>42go</title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<script language= "JavaScript">
-  <!--Break out of frames
-  function breakout() {
-    if (top.frames.length > 0)
-	{
-    	top.location='index.php?phpsessid=<? echo $_SESSION["s"]["id"]?>';
-	}
-	else
-	{
-		window.location='index.php?phpsessid=<? echo $_SESSION["s"]["id"]?>';
-	}
-  }
-  //-->
-</script>
-</head>
-
-<body onLoad="breakout()">
-</body>
-</html>

--
Gitblit v1.9.1