X-Git-Url: http://git.datanom.net/qtadmin.git/blobdiff_plain/af31b70b41a9582334862ebdd1abe54d3fc0d685..70c7fd5765720621553b3ddaff1009c795f49a76:/quarantine.php diff --git a/quarantine.php b/quarantine.php index 14e07e7..b6703d8 100644 --- a/quarantine.php +++ b/quarantine.php @@ -14,7 +14,7 @@ echo $util->getFooter(); } - function handleRequest($request, $ids) { + function handleRequest($util, $request, $ids) { global $CFG; $query = array(); @@ -22,9 +22,10 @@ $mail_id = urldecode($id); $mail = unserialize($_SESSION['mailInfo']["$mail_id"]); - if (true == $util->authorized($mail->recipient)) { + if (is_object($mail) && true == $util->authorized($mail->recipient)) { $secret_id = $mail->secret_id; $recipient = $mail->recipient; + $sender = $mail->sender; if ($request == 'release') { $amavisserver = $CFG->amavisd_db_host; @@ -55,6 +56,8 @@ $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'"; } else if ($request == 'delete') { $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'"; + } else if ($request == 'block') { + $query[] = $sender; } else { error("Unknown operation [$request]"); exit; @@ -70,21 +73,37 @@ $request = isset($_GET['op']) ? $_GET['op'] : ''; if ($loggedIn && isset($_GET['id'])) { $ids = explode(',', $_GET['id']); - $query = handleRequest($request, $ids); - $success = $DB->update($query); + if ($request == 'block') { + // /add/(whitelist|blacklist)/(.+) + $query = handleRequest($util, $request, $ids); + $data = json_encode($query); + if ($util->isAdmin()) { + $method = '/add/blacklist'; + } else { + $method = '/add/blacklist/' . $util->getUser(); + } + $success = $util->makeRestCall($method, $data); + } else { + $query = handleRequest($util, $request, $ids); + $success = $DB->update($query); + } if (! $success) { - error("Message not released, contact administrator [$query]"); + if ($request == 'block') { + error("Could not blacklist sender"); + } else { + error("Message not released, contact administrator [$query]"); + } exit; } - header('Location: index.php'); + header('Location: qtadmin.php'); } else if ($loggedIn && $request == 'purge') { $marked = unserialize($_SESSION['marked']); unset($_SESSION['marked']); $query = array(); $error = array(); foreach ($marked as $mail_id) { - $mail = $DB->getMail($mail_id); - if (true == $util->authorized($mail->recipient)) { + $recipient = $DB->getRecipient($mail_id); + if ($recipient && true == $util->authorized($recipient)) { $query[] = "delete from msgs where mail_id = '$mail_id'"; $query[] = "delete from msgrcpt where mail_id = '$mail_id'"; $query[] = "delete from quarantine where mail_id = '$mail_id'"; @@ -99,9 +118,9 @@ error("The following messages was not purged [$str], contact administrator"); exit; } - header('Location: index.php'); + header('Location: qtadmin.php'); } else if ($loggedIn) { - header('Location: index.php'); + header('Location: qtadmin.php'); } else { header('Location: auth.php'); }