<?php
-/* vim: set ts=4 tw=4 sw=4 noet: */
+/* vim: set ts=4 tw=0 sw=4 noet: */
require_once 'config.php';
require_once $CFG->root . 'lib/db_factory.php';
require_once $CFG->root . 'lib/utils.inc.php';
echo $util->getFooter();
}
- function handleRequest($request, $ids) {
+ function handleRequest($util, $request, $ids) {
global $CFG;
$query = array();
foreach ($ids as $id) {
$mail_id = urldecode($id);
$mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
- $secret_id = $mail->secret_id;
- $recipient = $mail->recipient;
- if ($request == 'release') {
- $amavisserver = $CFG->amavisd_db_host;
- $policy_port = $CFG->amavis_policy_port;
+ if (is_object($mail) && true == $util->authorized($mail->recipient)) {
+ $secret_id = $mail->secret_id;
+ $recipient = $mail->recipient;
- $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
- if (!$fp) {
- error("$errstr ($errno)");
- exit;
- }
- $out = "request=" . $request . "\r\n";
- $out .= "mail_id=" . $mail_id . "\r\n";
- $out .= "recipient=" . $recipient . "\r\n";
- $out .= "secret_id=" . $secret_id . "\r\n\r\n";
- fwrite($fp, $out);
- $response = fread($fp, 8192);
- fclose($fp);
- $response = urldecode($response);
- if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
- error("Request to release failed [$out][$response]");
- exit;
- }
- if ($matches[1] != '2.0.0') {
- error($matches[2]);
+ if ($request == 'release') {
+ $amavisserver = $CFG->amavisd_db_host;
+ $policy_port = $CFG->amavis_policy_port;
+
+ $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
+ if (!$fp) {
+ error("$errstr ($errno)");
+ exit;
+ }
+ $out = "request=" . $request . "\r\n";
+ $out .= "mail_id=" . $mail_id . "\r\n";
+ $out .= "recipient=" . $recipient . "\r\n";
+ $out .= "secret_id=" . $secret_id . "\r\n\r\n";
+ fwrite($fp, $out);
+ $response = fread($fp, 8192);
+ fclose($fp);
+ $response = urldecode($response);
+ if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
+ error("Request to release failed [$out][$response]");
+ exit;
+ }
+ if ($matches[1] != '2.0.0') {
+ error($matches[2]);
+ exit;
+ }
+
+ $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
+ } else if ($request == 'delete') {
+ $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
+ } else {
+ error("Unknown operation [$request]");
exit;
}
-
- $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
- } else if ($request == 'delete') {
- $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
- } else {
- error("Unknown operation [$request]");
- exit;
}
}
$request = isset($_GET['op']) ? $_GET['op'] : '';
if ($loggedIn && isset($_GET['id'])) {
$ids = explode(',', $_GET['id']);
- $query = handleRequest($request, $ids);
+ $query = handleRequest($util, $request, $ids);
$success = $DB->update($query);
if (! $success) {
error("Message not released, contact administrator [$query]");
$query = array();
$error = array();
foreach ($marked as $mail_id) {
- $query[] = "delete from msgs where mail_id = '$mail_id'";
- $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
- $query[] = "delete from quarantine where mail_id = '$mail_id'";
- $success = $DB->update($query);
- if (! $success) {
- $error[] = $mail_id;
+ $recipient = $DB->getRecipient($mail_id);
+ if ($recipient && true == $util->authorized($recipient)) {
+ $query[] = "delete from msgs where mail_id = '$mail_id'";
+ $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
+ $query[] = "delete from quarantine where mail_id = '$mail_id'";
+ $success = $DB->update($query);
+ if (! $success) {
+ $error[] = $mail_id;
+ }
}
}
if (count($error) > 0) {
projects / qtadmin.git / blobdiff