add missing access control

2026-06-07 07:03:17 +00:00 · 2026-03-19 12:41:47 +01:00
parent ed9264fd2a
commit 8a65b9d1c6
1 changed files with 8 additions and 0 deletions
@@ -108,6 +108,14 @@ function fwdhost($_action, $_data = null) {
      }
    break;
    case 'delete':
      if ($_SESSION['mailcow_cc_role'] != "admin") {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data_log),
          'msg' => 'access_denied'
        );
        return false;
      }
      $hosts = (array)$_data['forwardinghost'];
      foreach ($hosts as $host) {
        try {