From 3d8d1f097260e3ee54f0913de4e8ddd550223ad4 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 25 Oct 2012 08:39:37 -0400
Subject: [PATCH] Fixed: FS#2395 - mail_user_add doesn't check if the domain exists

---
 remoting_client/examples/mail_user_add.php |    2 +-
 interface/lib/classes/remoting.inc.php     |   28 +++++++++++++++++++++++++---
 interface/lib/classes/remoting_lib.inc.php |    2 +-
 3 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 269a5cb..464914c 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -306,30 +306,52 @@
 	}
 	
 	
-	//* dodanie uzytkownika email
+	//* Add mail domain
 	public function mail_user_add($session_id, $client_id, $params){
+		global $app;
+		
 		if (!$this->checkPerm($session_id, 'mail_user_add')){
 			$this->server->fault('permission_denied','You do not have the permissions to access this function.');
 			return false;
 		}
+		
+		//* Check if mail domain exists
+		$email_parts = explode('@',$params['email']);
+		$tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+		if($tmp['domain'] != $email_parts[1]) {
+			$this->server->fault('mail_domain_does_not_exist','Mail domain - '.$email_parts[1].' - does not exist.');
+			return false;
+		}
+		
 		$affected_rows = $this->insertQuery('../mail/form/mail_user.tform.php', $client_id, $params);
 		return $affected_rows;
 	}
 
-	//* edycja uzytkownika email	
+	//* Update mail user	
 	public function mail_user_update($session_id, $client_id, $primary_id, $params)
 	{
+		global $app;
+		
 		if (!$this->checkPerm($session_id, 'mail_user_update'))
 		{
 			$this->server->fault('permission_denied','You do not have the permissions to access this function.');
 			return false;
 		}
+		
+		//* Check if mail domain exists
+		$email_parts = explode('@',$params['email']);
+		$tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+		if($tmp['domain'] != $email_parts[1]) {
+			$this->server->fault('mail_domain_does_not_exist','Mail domain - '.$email_parts[1].' - does not exist.');
+			return false;
+		}
+		
 		$affected_rows = $this->updateQuery('../mail/form/mail_user.tform.php', $client_id, $primary_id, $params);
 		return $affected_rows;
 	}
 
 	
-	//*usuniecie uzytkownika emial
+	//* Delete mail user
 	public function mail_user_delete($session_id, $primary_id)
 	{
 		if (!$this->checkPerm($session_id, 'mail_user_delete'))
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 47660f7..383df7b 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -160,7 +160,7 @@
 						}
 				}*/
 				
-				$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");
+				$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
 				$this->sys_username         = $user['username'];
 				$this->sys_userid            = $user['userid'];
 				$this->sys_default_group     = $user['default_group'];
diff --git a/remoting_client/examples/mail_user_add.php b/remoting_client/examples/mail_user_add.php
index 1333bfb..b481057 100644
--- a/remoting_client/examples/mail_user_add.php
+++ b/remoting_client/examples/mail_user_add.php
@@ -25,7 +25,7 @@
 			'uid' => 5000,
 			'gid' => 5000,
 			'maildir' => '/var/vmail/test.int/joe',
-			'quota' => 10000000000,
+			'quota' => 1000,
 			'cc' => '',
 			'homedir' => '/var/vmail',
 			'autoresponder' => 'n',

--
Gitblit v1.9.1