From: tokul Date: Mon, 12 Jun 2006 17:32:06 +0000 (+0000) Subject: script could be loaded when $edit_identity is set to false X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=bf02c8834033349407d2b2235f64be28f2ace107;p=squirrelmail.git script could be loaded when $edit_identity is set to false git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11202 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/ChangeLog b/ChangeLog index 32182780..3d6e2771 100644 --- a/ChangeLog +++ b/ChangeLog @@ -80,6 +80,8 @@ Version 1.5.2 - CVS should be converted to html line breaks. - Add note to conf.pl / config_default.php to warn users that set sensitive passwords in that file to properly secure it. + - Prevent modifications in advanced identities, when editing of + identities is disabled. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/src/options_identities.php b/src/options_identities.php index 026ae1f1..e6f348d4 100644 --- a/src/options_identities.php +++ b/src/options_identities.php @@ -21,6 +21,13 @@ require('../include/init.php'); /* SquirrelMail required files. */ require_once(SM_PATH . 'functions/identity.php'); +/* make sure that page is not available when $edit_identity is false */ +if (!$edit_identity) { + error_box(_("Editing identities is disabled.")); + $oTemplate->display('footer.tpl'); + die(); +} + if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) { $identities = get_identities(); }