[Web] Fix alias verification
parent
a01ba7efa3
commit
05c85b4140
|
@ -589,6 +589,7 @@ function hasMailboxObjectAccess($username, $role, $object) {
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
// does also verify mailboxes as a mailbox is a alias == goto
|
||||||
function hasAliasObjectAccess($username, $role, $object) {
|
function hasAliasObjectAccess($username, $role, $object) {
|
||||||
global $pdo;
|
global $pdo;
|
||||||
if (empty($username) || empty($role) || empty($object)) {
|
if (empty($username) || empty($role) || empty($object)) {
|
||||||
|
@ -600,8 +601,7 @@ function hasAliasObjectAccess($username, $role, $object) {
|
||||||
if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
|
if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// Do not verify mailboxes
|
$stmt = $pdo->prepare("SELECT `domain` FROM `alias` WHERE `address` = :object");
|
||||||
$stmt = $pdo->prepare("SELECT `domain` FROM `alias` WHERE `address` = :object AND `address` != `goto`");
|
|
||||||
$stmt->execute(array(':object' => $object));
|
$stmt->execute(array(':object' => $object));
|
||||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
if (isset($row['domain']) && hasDomainAccess($username, $role, $row['domain'])) {
|
if (isset($row['domain']) && hasDomainAccess($username, $role, $row['domain'])) {
|
||||||
|
|
Loading…
Reference in New Issue