summaryrefslogtreecommitdiff
path: root/program/steps/settings
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2011-08-04 09:01:36 +0000
committeralecpl <alec@alec.pl>2011-08-04 09:01:36 +0000
commitc6c99c89e68d43b705c702b4651cac81c78286d3 (patch)
treeff842bce60d98dab19d9fb98ab66f36725317bd7 /program/steps/settings
parentd9615118f3b14e65fc8214318d5bc50ebe19eb03 (diff)
- Add ACL check on parent folder
Diffstat (limited to 'program/steps/settings')
-rw-r--r--program/steps/settings/edit_folder.inc2
-rw-r--r--program/steps/settings/save_folder.inc10
2 files changed, 11 insertions, 1 deletions
diff --git a/program/steps/settings/edit_folder.inc b/program/steps/settings/edit_folder.inc
index fe9cdc082..740c05ee5 100644
--- a/program/steps/settings/edit_folder.inc
+++ b/program/steps/settings/edit_folder.inc
@@ -255,7 +255,7 @@ function rcmail_folder_form($attrib)
$content = rcmail_get_form_part($tab);
}
- if ($content) {
+ if ($content) {
$out .= html::tag('fieldset', null, html::tag('legend', null, Q($tab['name'])) . $content) ."\n";
}
}
diff --git a/program/steps/settings/save_folder.inc b/program/steps/settings/save_folder.inc
index 498829c3b..2f515627d 100644
--- a/program/steps/settings/save_folder.inc
+++ b/program/steps/settings/save_folder.inc
@@ -55,6 +55,16 @@ else {
}
}
+// Check access rights to the parent folder
+if (!$error && strlen($path)) {
+ $parent_opts = $RCMAIL->imap->mailbox_info($path);
+ if ($parent_opts['namespace'] != 'personal'
+ && (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts)))
+ ) {
+ $error = rcube_label('parentnotwritable');
+ }
+}
+
if ($error) {
$OUTPUT->command('display_message', $error, 'error');
}