diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-07-27 17:50:39 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-07-27 17:50:39 +0000 |
| commit | 1a7ad9f4782f34f7662996fc680905afcaa93f2d (patch) | |
| tree | 3dc7f80c636634ac0674a385ee7b3e94208e409a /plugins/acl/acl.php | |
| parent | f335d8b8fbe4ac5af3a3ec86176992e89f0045fc (diff) | |
- Don't allow setting rights to yourself
git-svn-id: https://svn.roundcube.net/trunk@4979 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'plugins/acl/acl.php')
| -rw-r--r-- | plugins/acl/acl.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/plugins/acl/acl.php b/plugins/acl/acl.php index 2b1baaa3c..3c986a376 100644 --- a/plugins/acl/acl.php +++ b/plugins/acl/acl.php @@ -439,9 +439,11 @@ class acl extends rcube_plugin $username = $user; } - if ($acl && $user && strlen($mbox) - && $this->rc->imap->set_acl($mbox, $user, $acl) - ) { + if ($acl && $user && $user != $_SESSION['username'] && strlen($mbox)) { + $result = $this->rc->imap->set_acl($mbox, $user, $acl); + } + + if ($result) { $ret = array('id' => html_identifier($user), 'username' => $username, 'acl' => implode($acl), 'old' => $oldid); $this->rc->output->command('acl_update', $ret); |