amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-05-28 06:35:26 +00:00
Code Issues Projects Releases Wiki Activity

oc: Check permissions on read opening a shared folder

Browse Source 
This is a security issue that allowed a user to read the number
of messages and its subjects when it does not have any permission to read.

Now the user cannot see other's folder without asking for me to the owner.
This commit is contained in:
Enrique J. Hernández Blasco
2016-02-04 11:31:00 +01:00
parent b92ca092ed
commit a9f336c69d
2 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
OpenChange/MAPIStoreSOGo.m
+5
View File
@@ -244,8 +244,13 @@ static void mapiapp_cleanup(void)
\details Create a connection context to the sogo backend
\param mem_ctx pointer to the memory context
\param conn_info pointer to the connection information available for this context
(database connection, connected user, replica server info)
\param indexing pointer to the indexing database connection
\param uri pointer to the sogo path
\param private_data pointer to the private backend context
\note the developer must free allocated private_data
*/
static enum mapistore_error