X-Git-Url: http://git.datanom.net/qtadmin.git/blobdiff_plain/3056d1173b4c0225eea764cd1bdfae965b198c14..HEAD:/mail_report.php

diff --git a/mail_report.php b/mail_report.php
index bc7c05e..3607ba2 100644
--- a/mail_report.php
+++ b/mail_report.php
@@ -8,13 +8,18 @@
     $util = new Utils;
     $loggedIn = $util->isLoggedIn();
     if ($loggedIn && isset($_GET['id'])) {
+        $id = $_GET['id'];
+        $mail = unserialize($_SESSION['mailInfo'][$id]);
+
+        if (! is_object($mail) || false == $util->authorized($mail->recipient)) {
+            header('Location: qtadmin.php');
+            exit;
+        }
+
         $util->setHeading('Spam Report');
         echo $util->getHeader();
         echo $util->getHeading();
 
-        $id = $_GET['id'];
-        $mail = unserialize($_SESSION['mailInfo'][$id]);
-
         $row = $DB->getMail($id);
         $string = $row->mail_text;
         $sa_tests = null;
@@ -89,8 +94,8 @@
         } else {
             $bayes['total'] = "<tr><td class=\"label\">TOTAL</td><td class=\"value\">-</td></tr>";
         }
-        $plain = "?id=$id&format=plain";
-        $html = "?id=$id&format=html";
+        $plain = "?id=$id&amp;format=plain";
+        $html = "?id=$id&amp;format=html";
         echo '<p class="ruler">Message ID : ' . $mail->mail_id . '</p>';
         echo '<table class="button-menu">';
         echo '<tr class="button-row">';
@@ -134,7 +139,7 @@
         echo '</table>';
         echo $util->getFooter();
     } else if ($loggedIn) {
-        header('Location: index.php');
+        header('Location: qtadmin.php');
     } else {
         header('Location: auth.php');
     }