projects / platal.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 76a929c)
backport secu et effacage d'un alias de liste vide pour xnet
authorPascal Corpet <pascal.corpet@m4x.org>
Thu, 9 Jun 2005 12:05:38 +0000 (12:05 +0000)
committerFlorent Bruneau <florent.bruneau@polytechnique.org>
Thu, 26 Jun 2008 21:29:11 +0000 (23:29 +0200)
Patches applied:

 * opensource@polytechnique.org--2005/platal--release--0.9.6--patch-38
   suppression d'un alias vide et securite

git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-692

ChangeLog patch | blob | blame | history
htdocs.net/groupe/listes.php patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 9680279..b0bcbcd 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,7 @@ Fixes (from 0.9.6 branch) :
 
        * Xnet :
                - Have a connection link even on index page.                                            -MC
+               - Deleting and securing deletion of empty aliases.                                      -Car
                - #314: fix bad links to categories                                                                     -Car
 
 ================================================================================
diff --git a/htdocs.net/groupe/listes.php b/htdocs.net/groupe/listes.php
index 7bc1aa8..b8c65c0 100644 (file)
--- a/htdocs.net/groupe/listes.php
+++ b/htdocs.net/groupe/listes.php
@@ -26,12 +26,15 @@ if(Post::has('promo_add')) {
 }
 
 
-if (Post::has('del_alias')) {
+if (Post::has('del_alias') && may_update()) {
+    $alias = Post::get('del_alias');
+    // prevent group admin from erasing aliases from other groups
+    $alias = substr($alias, 0, strpos($alias, '@')).'@'.$globals->asso('mail_domain');
     $globals->xdb->query(
             'DELETE FROM  x4dat.virtual_redirect, x4dat.virtual
                    USING  x4dat.virtual AS v
-             INNER JOIN  x4dat.virtual_redirect USING(vid)
-                  WHERE  v.alias={?}', Post::get('del_alias'));
+              LEFT JOIN  x4dat.virtual_redirect USING(vid)
+                  WHERE  v.alias={?}', $alias);
     $page->trig(Post::get('del_alias')." supprimé !");
 }
 
plat/al