Revision: 110
http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=110&view=rev
Author: GingerDog
Date: 2007-10-02 04:58:11 -0700 (Tue, 02 Oct 2007)
Log Message:
-----------
ensure domain name is in a list of valid domain names; set for use within the template so the right one is selected if ?domain=XXX was in the url
Modified Paths:
--------------
trunk/create-mailbox.php
Modified: trunk/create-mailbox.php
===================================================================
--- trunk/create-mailbox.php 2007-10-02 11:57:28 UTC (rev 109)
+++ trunk/create-mailbox.php 2007-10-02 11:58:11 UTC (rev 110)
@@ -46,7 +46,7 @@
$list_domains = list_domains ();
}
else {
- $list_domains = list_domains_for_admin ($SESSID_USERNAME);
+ $list_domains = list_domains_for_admin($SESSID_USERNAME);
}
@@ -56,14 +56,18 @@
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
+ $fDomain = $list_domains[0];
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
+ if(!in_array($fDomain, $list_domains)) {
+ die("Invalid domain name selected, or you tried to select a domain you are not an admin for");
+ }
+ $tDomain = $fDomain;
$result = db_query ("SELECT * FROM $table_domain WHERE domain='$fDomain'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$tQuota = $row['maxquota'];
-
}
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
