From cbd3277d1845baa350274bd6d8b65c915d886f3a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 16 Feb 2018 17:19:18 +0100
Subject: [dozmod] Remove testmail permission, would leak pw and makes little
sense
---
modules-available/dozmod/pages/mailconfig.inc.php | 7 +++----
modules-available/dozmod/permissions/permissions.json | 3 ---
modules-available/dozmod/templates/mailconfig.html | 2 +-
3 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/modules-available/dozmod/pages/mailconfig.inc.php b/modules-available/dozmod/pages/mailconfig.inc.php
index 1f0a750c..08205f2e 100644
--- a/modules-available/dozmod/pages/mailconfig.inc.php
+++ b/modules-available/dozmod/pages/mailconfig.inc.php
@@ -58,17 +58,16 @@ class SubPage
$mailConf['set_' . $mailConf['ssl']] = 'selected="selected"';
}
}
- Permission::addGlobalTags($mailConf['perms'], NULL, ['mailconfig.save', 'mailconfig.testmail']);
+ Permission::addGlobalTags($mailConf['perms'], null, ['mailconfig.save']);
Render::addTemplate('mailconfig', $mailConf);
}
public static function doAjax()
{
+ User::assertPermission("mailconfig.save");
$action = Request::post('action');
if ($action === 'mail') {
- if (User::hasPermission("mailconfig.testmail")) {
- self::handleTestMail();
- }
+ self::handleTestMail();
}
}
diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json
index c149cb69..c46768d7 100644
--- a/modules-available/dozmod/permissions/permissions.json
+++ b/modules-available/dozmod/permissions/permissions.json
@@ -11,9 +11,6 @@
"mailconfig.save": {
"location-aware": false
},
- "mailconfig.testmail": {
- "location-aware": false
- },
"runtimeconfig.save": {
"location-aware": false
},
diff --git a/modules-available/dozmod/templates/mailconfig.html b/modules-available/dozmod/templates/mailconfig.html
index 3aa1eda5..dbcdddcb 100644
--- a/modules-available/dozmod/templates/mailconfig.html
+++ b/modules-available/dozmod/templates/mailconfig.html
@@ -55,7 +55,7 @@