[geeklog-cvs] geeklog: Forgot to check group membership again when sending the...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Feb 1 03:49:16 EST 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/99c4995f2ef1
changeset: 6743:99c4995f2ef1
user: Dirk Haun <dirk at haun-online.de>
date: Sun Feb 01 09:49:03 2009 +0100
description:
Forgot to check group membership again when sending the emails
diffstat:
1 file changed, 20 insertions(+), 12 deletions(-)
public_html/admin/mail.php | 32 ++++++++++++++++++++------------
diffs (64 lines):
diff -r 3ccf161b2de2 -r 99c4995f2ef1 public_html/admin/mail.php
--- a/public_html/admin/mail.php Sat Jan 31 22:44:58 2009 +0100
+++ b/public_html/admin/mail.php Sun Feb 01 09:49:03 2009 +0100
@@ -114,23 +114,31 @@
* @return string HTML with success or error message
*
*/
-function send_messages ($vars)
+function send_messages($vars)
{
global $_CONF, $_TABLES, $LANG31;
- require_once($_CONF['path_system'] . 'lib-user.php');
+ require_once $_CONF['path_system'] . 'lib-user.php';
$retval = '';
- if (empty ($vars['fra']) OR empty ($vars['fraepost']) OR
- empty ($vars['subject']) OR empty ($vars['message']) OR
- empty ($vars['to_group'])) {
- $retval .= COM_startBlock ($LANG31[1], '',
- COM_getBlockTemplate ('_msg_block', 'header'));
- $retval .= $LANG31[26];
- $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
+ if (empty($vars['fra']) OR empty($vars['fraepost']) OR
+ empty($vars['subject']) OR empty($vars['message']) OR
+ empty($vars['to_group'])) {
+ $retval .= COM_showMessageText($LANG31[26]);
return $retval;
+ }
+
+ $to_group = COM_applyFilter($vars['to_group'], true);
+ if ($to_group > 0) {
+ $group_name = DB_getItem($_TABLES['groups'], 'grp_name',
+ "grp_id = $to_group");
+ if (! SEC_inGroup($group_name)) {
+ return COM_refresh($_CONF['site_admin_url'] . '/mail.php');
+ }
+ } else {
+ return COM_refresh($_CONF['site_admin_url'] . '/mail.php');
}
// Urgent message!
@@ -147,16 +155,16 @@
$html = false;
}
- $groupList = implode (',', USER_getChildGroups($vars['to_group']));
+ $groupList = implode(',', USER_getChildGroups($to_group));
// and now mail it
if (isset ($vars['overstyr'])) {
$sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
- $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
+ $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email IS NOT NULL) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
} else {
$sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
- $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
+ $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email IS NOT NULL) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
$sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
}
More information about the geeklog-cvs
mailing list