Löschen fremder Mailaccounts war bisher möglich (dd329f0) - webinterface.git

@@ -38,7 +38,8 @@ function mailaccounts($uid)
 function get_mailaccount($id)
 {
   $id = (int) $id;
-  $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id");
+  $uid = (int) $_SESSION['userinfo']['uid'];
+  $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
   DEBUG("Found ".mysql_num_rows($result)." rows!");
   if (mysql_num_rows($result) != 1)
     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
@@ -51,6 +52,7 @@ function get_mailaccount($id)
 function change_mailaccount($id, $arr)
 {
   $id = (int) $id;
+  $uid = (int) $_SESSION['userinfo']['uid'];
   $conditions = array();
 
   if (isset($arr['account']))
@@ -89,7 +91,7 @@ function change_mailaccount($id, $arr)
     array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
 
 
-  db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1");
+  db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}");
   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«");
 
 }


...	...	@@ -38,7 +38,8 @@ function mailaccounts($uid)
38	38	function get_mailaccount($id)
39	39	{
40	40	$id = (int) $id;
41		- $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id");
	41	+ $uid = (int) $_SESSION['userinfo']['uid'];
	42	+ $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
42	43	DEBUG("Found ".mysql_num_rows($result)." rows!");
43	44	if (mysql_num_rows($result) != 1)
44	45	system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
...	...	@@ -51,6 +52,7 @@ function get_mailaccount($id)
51	52	function change_mailaccount($id, $arr)
52	53	{
53	54	$id = (int) $id;
	55	+ $uid = (int) $_SESSION['userinfo']['uid'];
54	56	$conditions = array();
55	57
56	58	if (isset($arr['account']))
...	...	@@ -89,7 +91,7 @@ function change_mailaccount($id, $arr)
89	91	array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
90	92
91	93
92		- db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1");
	94	+ db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}");
93	95	logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«");
94	96
95	97	}
96	98