j3d1/multimail
1
1
Fork 0
Code Issues Pull requests Releases Wiki Activity

don't leak information about other users aliases and mailboxes

Browse source
This commit is contained in:
j3d1 2021-10-28 00:29:17 +02:00
parent 252982d038
commit 5fce1fb288
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
backend/multimail/forms.py
View file

@ -109,6 +109,10 @@ def edit_mailbox(request, mailbox_id):
if form.is_valid() and form.cleaned_data['domain'] in domains: if form.is_valid() and form.cleaned_data['domain'] in domains:
form.save() form.save()
return HttpResponseRedirect('/mailboxes/') return HttpResponseRedirect('/mailboxes/')
else:
if not form.cleaned_data['domain'] in domains:
form.errors.clear()
form.add_error(None, "You don't own this domain")
except IntegrityError as e: except IntegrityError as e:
form.add_error(None, e) form.add_error(None, e)
@ -129,6 +133,10 @@ def new_mailbox(request):
if form.is_valid() and form.cleaned_data['domain'] in domains: if form.is_valid() and form.cleaned_data['domain'] in domains:
form.save() form.save()
return HttpResponseRedirect('/mailboxes/') return HttpResponseRedirect('/mailboxes/')
else:
if not form.cleaned_data['domain'] in domains:
form.errors.clear()
form.add_error(None, "You don't own this domain")
except IntegrityError as e: except IntegrityError as e:
form.add_error(None, e) form.add_error(None, e)
@ -153,6 +161,10 @@ def edit_alias(request, alias_id):
if form.is_valid() and form.cleaned_data['source_domain'] in domains: if form.is_valid() and form.cleaned_data['source_domain'] in domains:
form.save() form.save()
return HttpResponseRedirect('/aliases/') return HttpResponseRedirect('/aliases/')
else:
if not form.cleaned_data['source_domain'] in domains:
form.errors.clear()
form.add_error(None, "You don't own this domain")
except IntegrityError as e: except IntegrityError as e:
form.add_error(None, e) form.add_error(None, e)
@ -173,6 +185,10 @@ def new_alias(request):
if form.is_valid() and form.cleaned_data['source_domain'] in domains: if form.is_valid() and form.cleaned_data['source_domain'] in domains:
form.save() form.save()
return HttpResponseRedirect('/aliases/') return HttpResponseRedirect('/aliases/')
else:
if not form.cleaned_data['source_domain'] in domains:
form.errors.clear()
form.add_error(None, "You don't own this domain")
except IntegrityError as e: except IntegrityError as e:
form.add_error(None, e) form.add_error(None, e)