add more debug info

[qtadmin.git] / message_view.php

diff --git a/message_view.php b/message_view.php
index c65a0f54f58bc53cd7b1f73b08cb9f5c8e53c5f9..93cc33946eda98d29818bf8560618b4e9d30a6eb 100644 (file)
--- a/message_view.php
+++ b/message_view.php
@@ -1,5 +1,5 @@
 <?php
-/* vim: set ts=4 tw=4 sw=4 noet: */
+/* vim: set ts=4 tw=0 sw=4 noet: */
     require_once 'Mail/mimeDecode.php';
     require_once 'config.php';
     require_once $CFG->root . 'lib/db_factory.php';
@@ -11,12 +11,17 @@
         $id = $_GET['id'];
         $id = urldecode($id);
 
+        $mail = unserialize($_SESSION['mailInfo'][$id]);
+
+        if (! is_object($mail) || false == $util->authorized($mail->recipient)) {
+            header('Location: qtadmin.php');
+            exit;
+        }
+
         $util->setHeading("Message ID : $id");
         echo $util->getHeader();
         echo $util->getHeading();
 
-        $mail = unserialize($_SESSION['mailInfo'][$id]);
-
         $row = $DB->getMail($id);
         $string = $row->mail_text;
         $sa_tests = null;
@@ -35,7 +40,7 @@
               onclick="javascript: history.back();"/></td>';
         echo '</tr></table>';
 
-        echo '<table><tr>';
+        echo '<table>';
         $from = $headers['from'];
         $from = str_replace("<", "&lt;", $from);
         $from = str_replace(">", "&gt;", $from);
@@ -90,7 +95,7 @@
         echo '</td></tr></table>';
         echo $util->getFooter();
     } else if ($loggedIn) {
-        header('Location: index.php');
+        header('Location: qtadmin.php');
     } else {
         header('Location: auth.php');
     }