From 2b099ad2fc3663697e45dd16f4b82341e0267c86 Mon Sep 17 00:00:00 2001 From: Michael Rasmussen Date: Thu, 11 Jun 2015 18:46:56 +0200 Subject: [PATCH] Enhance security --- mail_report.php | 2 +- message_view.php | 2 +- quarantine.php | 4 ++-- show_headers.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mail_report.php b/mail_report.php index 60405f7..f8ff4ac 100644 --- a/mail_report.php +++ b/mail_report.php @@ -11,7 +11,7 @@ $id = $_GET['id']; $mail = unserialize($_SESSION['mailInfo'][$id]); - if (false == $util->authorized($mail->recipient)) { + if (! is_object($mail) || false == $util->authorized($mail->recipient)) { header('Location: index.php'); exit; } diff --git a/message_view.php b/message_view.php index e81d984..aa276d8 100644 --- a/message_view.php +++ b/message_view.php @@ -13,7 +13,7 @@ $mail = unserialize($_SESSION['mailInfo'][$id]); - if (false == $util->authorized($mail->recipient)) { + if (! is_object($mail) || false == $util->authorized($mail->recipient)) { header('Location: index.php'); exit; } diff --git a/quarantine.php b/quarantine.php index 14e07e7..788f78a 100644 --- a/quarantine.php +++ b/quarantine.php @@ -22,7 +22,7 @@ $mail_id = urldecode($id); $mail = unserialize($_SESSION['mailInfo']["$mail_id"]); - if (true == $util->authorized($mail->recipient)) { + if (is_object($mail) && true == $util->authorized($mail->recipient)) { $secret_id = $mail->secret_id; $recipient = $mail->recipient; @@ -84,7 +84,7 @@ $error = array(); foreach ($marked as $mail_id) { $mail = $DB->getMail($mail_id); - if (true == $util->authorized($mail->recipient)) { + if (is_object($mail) && true == $util->authorized($mail->recipient)) { $query[] = "delete from msgs where mail_id = '$mail_id'"; $query[] = "delete from msgrcpt where mail_id = '$mail_id'"; $query[] = "delete from quarantine where mail_id = '$mail_id'"; diff --git a/show_headers.php b/show_headers.php index 0ff9a6e..e025ccd 100644 --- a/show_headers.php +++ b/show_headers.php @@ -11,7 +11,7 @@ $id = $_GET['id']; $mail = unserialize($_SESSION['mailInfo'][$id]); - if (false == $util->authorized($mail->recipient)) { + if (! is_object($mail) || false == $util->authorized($mail->recipient)) { header('Location: index.php'); exit; } -- 2.39.5