From: Pascal Corpet <pascal.corpet@m4x.org>
Date: Thu, 9 Jun 2005 12:05:38 +0000 (+0000)
Subject: backport secu et effacage d'un alias de liste vide pour xnet
X-Git-Tag: xorg/old~72
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=bed74bcf6035e6f60252232987fa1ea3d34efe72;p=platal.git

backport secu et effacage d'un alias de liste vide pour xnet

Patches applied:

 * opensource@polytechnique.org--2005/platal--release--0.9.6--patch-38
   suppression d'un alias vide et securite


git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-692
---

diff --git a/ChangeLog b/ChangeLog
index 9680279..b0bcbcd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,7 @@ Fixes (from 0.9.6 branch) :
 
 	* Xnet :
 		- Have a connection link even on index page.						-MC
+		- Deleting and securing deletion of empty aliases.					-Car
 		- #314: fix bad links to categories									-Car
 
 ================================================================================
diff --git a/htdocs.net/groupe/listes.php b/htdocs.net/groupe/listes.php
index 7bc1aa8..b8c65c0 100644
--- a/htdocs.net/groupe/listes.php
+++ b/htdocs.net/groupe/listes.php
@@ -26,12 +26,15 @@ if(Post::has('promo_add')) {
 }
 
 
-if (Post::has('del_alias')) {
+if (Post::has('del_alias') && may_update()) {
+    $alias = Post::get('del_alias');
+    // prevent group admin from erasing aliases from other groups
+    $alias = substr($alias, 0, strpos($alias, '@')).'@'.$globals->asso('mail_domain');
     $globals->xdb->query(
             'DELETE FROM  x4dat.virtual_redirect, x4dat.virtual
                    USING  x4dat.virtual AS v
-	      INNER JOIN  x4dat.virtual_redirect USING(vid)
-	           WHERE  v.alias={?}', Post::get('del_alias'));
+	       LEFT JOIN  x4dat.virtual_redirect USING(vid)
+	           WHERE  v.alias={?}', $alias);
     $page->trig(Post::get('del_alias')." supprimé !");
 }