From 05c85b4140ea0c83ea5b028ead3a614813f99736 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Wed, 9 Jun 2021 11:03:48 +0200
Subject: [PATCH] [Web] Fix alias verification
---
 data/web/inc/functions.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 7854acd6..d88d7e6c 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -589,6 +589,7 @@ function hasMailboxObjectAccess($username, $role, $object) {
 }
 return false;
 }
+// does also verify mailboxes as a mailbox is a alias == goto
 function hasAliasObjectAccess($username, $role, $object) {
 global $pdo;
 if (empty($username) || empty($role) || empty($object)) {
@@ -600,8 +601,7 @@ function hasAliasObjectAccess($username, $role, $object) {
 if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
 return false;
 }
- // Do not verify mailboxes
- $stmt = $pdo->prepare("SELECT `domain` FROM `alias` WHERE `address` = :object AND `address` != `goto`");
+ $stmt = $pdo->prepare("SELECT `domain` FROM `alias` WHERE `address` = :object");
 $stmt->execute(array(':object' => $object));
 $row = $stmt->fetch(PDO::FETCH_ASSOC);
 if (isset($row['domain']) && hasDomainAccess($username, $role, $row['domain'])) {
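Review bot: With the `address != goto` filter removed from the lookup in the second hunk, hasAliasObjectAccess() now also succeeds for mailbox rows, so every caller that uses it as the gate before editing or deleting an alias row will now pass for a mailbox's own row as well. Those callers are outside this diff and should be checked so that alias-management paths still refuse to change a mailbox row. For such a row the decision now rests on hasDomainAccess() alone, which may be broader for the `user` role than what hasMailboxObjectAccess() enforces; that is worth confirming. The comment added in the first hunk would read more clearly as `// Also matches mailboxes: a mailbox is stored in the alias table as a row where address == goto.` The function body continues past the end of the hunk.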