Enhance security

author Michael Rasmussen <mir@datanom.net>

Thu, 11 Jun 2015 16:46:56 +0000 (18:46 +0200)

committer Michael Rasmussen <mir@datanom.net>

Thu, 11 Jun 2015 16:46:56 +0000 (18:46 +0200)
author Michael Rasmussen <mir@datanom.net>
Thu, 11 Jun 2015 16:46:56 +0000 (18:46 +0200)
committer Michael Rasmussen <mir@datanom.net>
Thu, 11 Jun 2015 16:46:56 +0000 (18:46 +0200)
diff --git a/mail_report.php b/mail_report.php

index 60405f7d124df6aab50cbc9684dc8a7ac5c13945..f8ff4ace84f19b03dae3a68acb31e090907984f8 100644 (file)
--- a/mail_report.php
+++ b/mail_report.php
@@ -11,7 +11,7 @@
          $id = $_GET['id'];
          $mail = unserialize($_SESSION['mailInfo'][$id]);
  
          $id = $_GET['id'];
          $mail = unserialize($_SESSION['mailInfo'][$id]);
  
-        if (false == $util->authorized($mail->recipient)) {
+        if (! is_object($mail) || false == $util->authorized($mail->recipient)) {
              header('Location: index.php');
              exit;
          }
              header('Location: index.php');
              exit;
          }
diff --git a/message_view.php b/message_view.php

index e81d984f4dce3d2047cd04c2c1e8eb1142f0dde8..aa276d82f02c1e93342017b94348922c42788345 100644 (file)
--- a/message_view.php
+++ b/message_view.php
@@ -13,7 +13,7 @@
  
          $mail = unserialize($_SESSION['mailInfo'][$id]);
  
  
          $mail = unserialize($_SESSION['mailInfo'][$id]);
  
-        if (false == $util->authorized($mail->recipient)) {
+        if (! is_object($mail) || false == $util->authorized($mail->recipient)) {
              header('Location: index.php');
              exit;
          }
              header('Location: index.php');
              exit;
          }
diff --git a/quarantine.php b/quarantine.php

index 14e07e7a4f1883b29b2b27c30f81b5bdfdb45593..788f78ae4499a8e85ecdc41652ed02ecb36f20a6 100644 (file)
--- a/quarantine.php
+++ b/quarantine.php
@@ -22,7 +22,7 @@
              $mail_id = urldecode($id);
              $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
  
              $mail_id = urldecode($id);
              $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
  
-            if (true == $util->authorized($mail->recipient)) {
+            if (is_object($mail) && true == $util->authorized($mail->recipient)) {
                  $secret_id = $mail->secret_id;
                  $recipient = $mail->recipient;
  
                  $secret_id = $mail->secret_id;
                  $recipient = $mail->recipient;
  
@@ -84,7 +84,7 @@
          $error = array();
          foreach ($marked as $mail_id) {
              $mail = $DB->getMail($mail_id);
          $error = array();
          foreach ($marked as $mail_id) {
              $mail = $DB->getMail($mail_id);
-            if (true == $util->authorized($mail->recipient)) {
+            if (is_object($mail) && true == $util->authorized($mail->recipient)) {
                  $query[] = "delete from msgs where mail_id = '$mail_id'";
                  $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
                  $query[] = "delete from quarantine where mail_id = '$mail_id'";
                  $query[] = "delete from msgs where mail_id = '$mail_id'";
                  $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
                  $query[] = "delete from quarantine where mail_id = '$mail_id'";
diff --git a/show_headers.php b/show_headers.php

index 0ff9a6e02f805b418f063d4c6ae55c6f74eef16e..e025ccdba68195d7af1db0928c6259c2856a112a 100644 (file)
--- a/show_headers.php
+++ b/show_headers.php
@@ -11,7 +11,7 @@
          $id = $_GET['id'];
          $mail = unserialize($_SESSION['mailInfo'][$id]);
  
          $id = $_GET['id'];
          $mail = unserialize($_SESSION['mailInfo'][$id]);
  
-        if (false == $util->authorized($mail->recipient)) {
+        if (! is_object($mail) || false == $util->authorized($mail->recipient)) {
              header('Location: index.php');
              exit;
          }
              header('Location: index.php');
              exit;
          }
author	Michael Rasmussen <mir@datanom.net>
	Thu, 11 Jun 2015 16:46:56 +0000 (18:46 +0200)
committer	Michael Rasmussen <mir@datanom.net>
	Thu, 11 Jun 2015 16:46:56 +0000 (18:46 +0200)
mail_report.php		patch \| blob \| blame \| history
message_view.php		patch \| blob \| blame \| history
quarantine.php		patch \| blob \| blame \| history
show_headers.php		patch \| blob \| blame \| history