Ne pas générer la configuration des comptes si on reçoit une adresse mail valide qui n'est pas un UID

2012-09-22 12:06:39 +02:00 · 2012-09-22 12:06:39 +02:00 · 74d999647f
parent 851414d445
commit 74d999647f
1 changed files with 25 additions and 2 deletions
--- a/root/usr/share/mozilla-mcd/thunderbird.php
+++ b/root/usr/share/mozilla-mcd/thunderbird.php
@ -15,9 +15,22 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV
    // Lookup the user
    $result = ldap_search($link, USER_BASE, "uid=" . $uid);
    $user = ldap_get_entries($link, $result);
+    $configaccounts = 1;
    if($user['count'] == 0) {
-        // user not found
-        exit;
+        $result = ldap_search($link, USER_BASE, "mail=" . $_SERVER['QUERY_STRING']);
+        $user = ldap_get_entries($link, $result);
+        if ($user['count'] == 1){
+            // If we received an valid email address and not an uid
+            // considere TB as already configured
+            // so we don't need to generate accounts config
+            // only general settings will be sent
+            $configaccounts = 0;
+        }
+        else{
+            // user not found
+            header("HTTP/1.1 403 Forbidden");
+            exit;
+        }
    }
    $pref = TB_PREF;
    // Don't lock pref if the user is member of some special groups
@ -30,8 +43,12 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV
    }
 }
 else {
+    // We've not received a valid email address
+    header("HTTP/1.1 403 Forbidden");
    exit;
 }
+
+if ($configaccounts == 1){
 ?>

 // Linux / UNIX ?
@ -107,6 +124,12 @@ $id++;
 <?php echo $pref;?>("mail.account.account2.identities", "<?php echo $identities;?>");
 <?php echo $pref;?>("mail.accountmanager.accounts", "account1,account2");

+
+<?php
+// End if for account settings
+}
+?>
+
 // Disable auto updates
 <?php echo $pref;?>("app.update.enabled", false);
 <?php echo $pref;?>("app.update.auto", false);