From cab7ea5faaa2f3510c8488e7d19d083fc05ac6ca Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Wed, 18 Sep 2013 04:17:27 -0400
Subject: [PATCH] - Fixed missing global $app in new _decode function

---
 interface/web/mail/mail_get_edit.php |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/interface/web/mail/mail_get_edit.php b/interface/web/mail/mail_get_edit.php
index 5bc512a..cd7741b 100644
--- a/interface/web/mail/mail_get_edit.php
+++ b/interface/web/mail/mail_get_edit.php
@@ -69,6 +69,12 @@
 	function onSubmit() {
 		global $app, $conf;
 		
+		//* Check if destination email belongs to user
+		if(isset($_POST["destination"])) {
+			$email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
+			if($email["email"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->lng("no_destination_perm");
+		}
+		
 		// Check the client limits, if user is not the admin
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
@@ -85,11 +91,17 @@
 			}
 		} // end if user is not admin
 		
+		
 		// Set the server ID according to the selected destination
 		$tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
 		$this->dataRecord["server_id"] = $tmp["server_id"];
 		unset($tmp);
 		
+		//* Check that no illegal combination of options is set
+		if((!isset($this->dataRecord['source_delete']) || @$this->dataRecord['source_delete'] == 'n') && $this->dataRecord['source_read_all'] == 'y') {
+			$app->tform->errorMessage .= $app->tform->lng('error_delete_read_all_combination')."<br>";
+		}
+		
 		parent::onSubmit();
 	}
 	

--
Gitblit v1.9.1