From c6c99c89e68d43b705c702b4651cac81c78286d3 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Thu, 4 Aug 2011 09:01:36 +0000
Subject: - Add ACL check on parent folder

---
 program/localization/en_US/messages.inc |  1 +
 program/steps/settings/edit_folder.inc  |  2 +-
 program/steps/settings/save_folder.inc  | 10 ++++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc
index f86ba5471..3f7db87a0 100644
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@@ -150,5 +150,6 @@ $messages['folderupdated'] = 'Folder updated successfully.';
 $messages['foldercreated'] = 'Folder created successfully.';
 $messages['invalidimageformat'] = 'Not a valid image format.';
 $messages['mispellingsfound'] = 'Spelling errors detected in the message.';
+$messages['parentnotwritable'] = 'Unable to create/move folder into selected parent folder. No access rights.';
 
 ?>
diff --git a/program/steps/settings/edit_folder.inc b/program/steps/settings/edit_folder.inc
index fe9cdc082..740c05ee5 100644
--- a/program/steps/settings/edit_folder.inc
+++ b/program/steps/settings/edit_folder.inc
@@ -255,7 +255,7 @@ function rcmail_folder_form($attrib)
             $content = rcmail_get_form_part($tab);
         }
 
-        if ($content) {        
+        if ($content) {
             $out .= html::tag('fieldset', null, html::tag('legend', null, Q($tab['name'])) . $content) ."\n";
         }
     }
diff --git a/program/steps/settings/save_folder.inc b/program/steps/settings/save_folder.inc
index 498829c3b..2f515627d 100644
--- a/program/steps/settings/save_folder.inc
+++ b/program/steps/settings/save_folder.inc
@@ -55,6 +55,16 @@ else {
     }
 }
 
+// Check access rights to the parent folder
+if (!$error && strlen($path)) {
+    $parent_opts = $RCMAIL->imap->mailbox_info($path);
+    if ($parent_opts['namespace'] != 'personal'
+        && (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts)))
+    ) {
+        $error = rcube_label('parentnotwritable');
+    }
+}
+
 if ($error) {
     $OUTPUT->command('display_message', $error, 'error');
 }
-- 
cgit v1.2.3