novabbs
/
rocksolid-light
3
0
Fork 1
Code Issues 22 Pull Requests Releases Wiki Activity

Verify logged in user before displaying a message in mail.php

This commit is contained in:
Retro_Guy 2021-06-04 03:25:31 +00:00
parent e042c25c00
commit 4096ff8d18
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Rocksolid_Light/rocksolid/mail.php
View File

@ -54,6 +54,8 @@ echo '</form>';
echo '</table>';
exit(0);
}
$user = strtolower($_POST['username']);
if(isset($_POST['command']) && $_POST['command'] == 'Message') {
$database = $spooldir.'/mail.db3';
$dbh = mail_db_open($database);
@ -69,6 +71,9 @@ echo '</table>';
$newdate = $ts->format('D, j M Y H:i T');
}
unset($ts);
if(($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) {
continue;
}
$body = rtrim(nl2br($row['message'])).'<br />';
echo '<div class="np_article_header">';
echo '<b>Subject:</b> '.$row['subject'].'<br />';
@ -130,7 +135,6 @@ echo '</table>';
$dbh = null;
}
}
$user = strtolower($_POST['username']);
if(isset($_POST['command']) && $_POST['command'] == 'Send') {
if(isset($_POST['id'])) {
$database = $spooldir.'/mail.db3';