require_once $CFG->root . 'lib/utils.inc.php';
function error($error) {
- $util = Utils::getInstance();
+ $util = new Utils;
$util->setHeading("Error");
echo $util->getHeader();
echo $util->getHeading();
echo $util->getFooter();
}
- $util = Utils::getInstance();
- $loggedIn = $util->isLoggedIn();
- $request = isset($_GET['op']) ? $_GET['op'] : '';
- if ($loggedIn && isset($_GET['id'])) {
- $mail_id = urldecode($_GET['id']);
- $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
- $secret_id = $mail->secret_id;
- $recipient = $mail->recipient;
+ function handleRequest($util, $request, $ids) {
+ global $CFG;
$query = array();
- if ($request == 'release') {
- $amavisserver = $CFG->amavisd_db_host;
- $policy_port = $CFG->amavis_policy_port;
+ foreach ($ids as $id) {
+ $mail_id = urldecode($id);
+ $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
- $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
- if (!$fp) {
- error("$errstr ($errno)");
- exit;
- }
- $out = "request=" . $request . "\r\n";
- $out .= "mail_id=" . $mail_id . "\r\n";
- $out .= "recipient=" . $recipient . "\r\n";
- $out .= "secret_id=" . $secret_id . "\r\n\r\n";
- fwrite($fp, $out);
- $response = fread($fp, 8192);
- fclose($fp);
- $response = urldecode($response);
- if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
- error("Request to release failed [$out][$response]");
- exit;
- }
- if ($matches[1] != '2.0.0') {
- error($matches[2]);
- exit;
- }
+ if (is_object($mail) && true == $util->authorized($mail->recipient)) {
+ $secret_id = $mail->secret_id;
+ $recipient = $mail->recipient;
- $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
- } else if ($request == 'delete') {
- $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
- } else {
- error("Unknown operation [$request]");
- exit;
+ if ($request == 'release') {
+ $amavisserver = $CFG->amavisd_db_host;
+ $policy_port = $CFG->amavis_policy_port;
+
+ $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
+ if (!$fp) {
+ error("$errstr ($errno)");
+ exit;
+ }
+ $out = "request=" . $request . "\r\n";
+ $out .= "mail_id=" . $mail_id . "\r\n";
+ $out .= "recipient=" . $recipient . "\r\n";
+ $out .= "secret_id=" . $secret_id . "\r\n\r\n";
+ fwrite($fp, $out);
+ $response = fread($fp, 8192);
+ fclose($fp);
+ $response = urldecode($response);
+ if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
+ error("Request to release failed [$out][$response]");
+ exit;
+ }
+ if ($matches[1] != '2.0.0') {
+ error($matches[2]);
+ exit;
+ }
+
+ $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
+ } else if ($request == 'delete') {
+ $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
+ } else {
+ error("Unknown operation [$request]");
+ exit;
+ }
+ }
}
+
+ return $query;
+ }
+
+ $util = new Utils;
+ $loggedIn = $util->isLoggedIn();
+ $request = isset($_GET['op']) ? $_GET['op'] : '';
+ if ($loggedIn && isset($_GET['id'])) {
+ $ids = explode(',', $_GET['id']);
+ $query = handleRequest($util, $request, $ids);
$success = $DB->update($query);
if (! $success) {
error("Message not released, contact administrator [$query]");
$query = array();
$error = array();
foreach ($marked as $mail_id) {
- $query[] = "delete from msgs where mail_id = '$mail_id'";
- $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
- $query[] = "delete from quarantine where mail_id = '$mail_id'";
- $success = $DB->update($query);
- if (! $success) {
- $error[] = $mail_id;
+ $recipient = $DB->getRecipient($mail_id);
+ if ($recipient && true == $util->authorized($recipient)) {
+ $query[] = "delete from msgs where mail_id = '$mail_id'";
+ $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
+ $query[] = "delete from quarantine where mail_id = '$mail_id'";
+ $success = $DB->update($query);
+ if (! $success) {
+ $error[] = $mail_id;
+ }
}
}
if (count($error) > 0) {
projects / qtadmin.git / blobdiff