Make map directory restriction more selective

diff --git a/postfix/CHANGELOG b/postfix/CHANGELOG
index 0a98657..6307102 100644 (file)
--- a/postfix/CHANGELOG
+++ b/postfix/CHANGELOG
@@ -70,3 +70,5 @@ Improved Postfix main.cf file parser to skip indented blank lines.
 Changed map deletion function to not remove expected line, which can otherwise cause file corruption.
 Autoreply messages starting with <html> or <body> will now be sent using the tex
 t/html MIME type.
+---- Changes since 1.500 ----
+If a map is made up of files in multiple directories and a Webmin user has a directory restriction defined, he will be able to edit map entries in files under that directory.

diff --git a/postfix/save_map.cgi b/postfix/save_map.cgi
index 6740b78..681f34e 100755 (executable)
--- a/postfix/save_map.cgi
+++ b/postfix/save_map.cgi
@@ -36,9 +36,16 @@ foreach $trans (@{$maps})
 }
 
 my @maps_files = &get_maps_files(&get_current_value($in{'map_name'}));
-foreach my $f (@maps_files) {
-      &is_under_directory($access{'dir'}, $f) ||
-       &error(&text('mapping_ecannot', $access{'dir'}));
+if ($add) {
+       # Last file must editable
+       !@maps_files ||
+           &is_under_directory($access{'dir'}, $maps_files[$#maps_files]) ||
+               &error(&text('mapping_ecannot', $access{'dir'}));
+} else {
+       # Map must be in an editable file
+       !$map{'map_file'} ||
+           &is_under_directory($access{'dir'}, $map{'map_file'}) ||
+               &error(&text('mapping_ecannot', $access{'dir'}));
 }
 
 defined($maps_files[0]) || &error($text{'mapps_no_map_file'});