Add ACL checking on target parent folder (#233)

This commit is contained in:
Aleksander Machniak (Kolab Systems) 2011-08-04 11:56:13 +02:00
parent cd0e45248b
commit 5ce8c1abb4
2 changed files with 36 additions and 13 deletions


@ -230,6 +230,17 @@ class kolab_driver extends calendar_driver
}
}
// Check access rights to the parent folder
if (strlen($parent)) {
$this->rc->imap_connect();
$parent_opts = $this->rc->imap->mailbox_info($parent);
if ($parent_opts['namespace'] != 'personal'
&& (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts)))
) {
return false;
}
}
if (!empty($options) && ($options['protected'] || $options['norename'])) {
$folder = $oldfolder;
}
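Review bot: The rights test in the added parent-folder check runs `/[ck]/` against `implode($parent_opts)`, which joins every value returned by `mailbox_info()` rather than only the ACL rights. A `c` or `k` in any other string field of that array would then satisfy the check and let the operation proceed on a non-personal parent that lacks create rights; the array's other fields are not shown here, so this is presumably the folder name or similar metadata. Restrict the match to the rights list, assuming `rights` is an array of single-letter rights: `&& (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts['rights'])))`. The same expression appears in the kolab_addressbook hunk, in the branch that sets `$error = rcube_label('parentnotwritable')`, and needs the same change. The enclosing function starts and ends outside the hunk.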


@ -211,11 +211,12 @@ class kolab_addressbook extends rcube_plugin
*/
public function get_address_book($p)
{
if ($p['id']) {
$this->_list_sources();
if ($this->sources[$p['id']]) {
$p['instance'] = $this->sources[$p['id']];
}
}
return $p;
}
@ -444,6 +445,17 @@ class kolab_addressbook extends rcube_plugin
}
}
// Check access rights to the parent folder
if (!$error && strlen($path)) {
$this->rc->imap_connect();
$parent_opts = $this->rc->imap->mailbox_info($path);
if ($parent_opts['namespace'] != 'personal'
&& (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts)))
) {
$error = rcube_label('parentnotwritable');
}
}
if (!$error) {
if (!empty($options) && ($options['protected'] || $options['norename'])) {
$folder = $oldfolder;