script could be loaded when $edit_identity is set to false

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11202 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/ChangeLog b/ChangeLog
index 321827804f4d341db53244c7323211cc44a710fc..3d6e2771d9eaa835a3d0bf39d3930ba5780e495f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -80,6 +80,8 @@ Version 1.5.2 - CVS
     should be converted to html line breaks.
   - Add note to conf.pl / config_default.php to warn users that set
     sensitive passwords in that file to properly secure it.
+  - Prevent modifications in advanced identities, when editing of
+    identities is disabled.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

diff --git a/src/options_identities.php b/src/options_identities.php
index 026ae1f1a56c37dc50034f9c4581b81b353a7b20..e6f348d4706d3f8273534578f3fd962a0f75fc65 100644 (file)
--- a/src/options_identities.php
+++ b/src/options_identities.php
@@ -21,6 +21,13 @@ require('../include/init.php');
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'functions/identity.php');
 
+/* make sure that page is not available when $edit_identity is false */
+if (!$edit_identity) {
+    error_box(_("Editing identities is disabled."));
+    $oTemplate->display('footer.tpl');
+    die();
+}
+
 if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
     $identities = get_identities();
 }