Fix domain capability checks on the user edit form#297
Merged
rimas-kudelis merged 1 commit intoJun 8, 2026
Conversation
The checks in adminuserchangesubmit.php that decide whether on_piped, on_avscan and on_spamassassin may be enabled use a single `=`, so they assign 1 to $row[...] and the condition is always true. The add form (adminuseraddsubmit.php) uses `==` and behaves as intended. on_piped is the main issue: a piped user's smtp value is used directly as the pipe_transport command in the virtual_domains router, so while the check is broken a domain admin can switch a user to piped delivery even when the domain doesn't have pipe enabled. on_avscan and on_spamassassin are less of an issue because the routers also check the domain flag, but they have the same typo. Changes the three comparisons to ==.
Collaborator
|
Hi, thanks for this PR! Not sure I'm a fan of this intended approach at all though:
Anyway, current code is wrong, so I'm merging this. Thanks again! |
Contributor
Author
|
Thanks, and agreed on both! I opened a new PR #300 for the Exim side: a virtual_piped router that only pipes when on_piped and the domain's pipe flag are both set, plus forbid_pipe on virtual_domains. The forms already hide those checkboxes when the domain lacks the capability, so this just adds the server-side guarantee. (Left the catchall/group routers as-is since their data isn't the raw smtp field. I would suggest putting this change somewhere into the Readme to notify existing admins that they should implement this manually on existing installations |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The checks in adminuserchangesubmit.php that decide whether on_piped,
on_avscan and on_spamassassin may be enabled use a single
=, so theyassign 1 to $row[...] and the condition is always true. The add form
(adminuseraddsubmit.php) uses
==and behaves as intended.on_piped is the main issue: a piped user's smtp value is used directly
as the pipe_transport command in the virtual_domains router, so while
the check is broken a domain admin can switch a user to piped delivery
even when the domain doesn't have pipe enabled. on_avscan and
on_spamassassin are less of an issue because the routers also check the
domain flag, but they have the same typo.
Changes the three comparisons to ==.