web interface code:

* allow list access even if no webusers file exists, if there is no login authentication configured * output a warning, if no webusers file exists
2008-09-30 02:47:04 +00:00 · 2008-09-30 02:47:04 +00:00 · be4ffc74a3
parent 39b32b2dd1
commit be4ffc74a3
1 changed files with 12 additions and 4 deletions
--- a/ezmlm-web.cgi
+++ b/ezmlm-web.cgi
@ -2570,12 +2570,16 @@ sub save_text {
 sub webauth {
 	my $listname = shift;
   
-	# Check if webusers file exists - if not, then access is granted
-	return (1==0) if (! -e "$WEBUSERS_FILE");
-
 	# if there was no user authentication, then everything is allowed
 	return (0==0) if (!$LOGIN_NAME);

+	# Check if webusers file exists - if not, then access is granted
+	if (! -e "$WEBUSERS_FILE") {
+		warn "[ezmlm-web] no 'webusers' file found ('$WEBUSERS_FILE'): "
+				. "access denied.";
+		return (1==0);
+	}
+
 	# Read authentication level from webusers file. Format of this file is
 	# somewhat similar to the unix groups file
 	unless (open (USERS, "<$WEBUSERS_FILE")) {
@ -2619,7 +2623,11 @@ sub webauth_create_allowed {
 	return (0==0) if (!$LOGIN_NAME);

 	# Check if webusers file exists - if not, then access is granted
-	return (1==0) if (! -e "$WEBUSERS_FILE");
+	if (! -e "$WEBUSERS_FILE") {
+		warn "[ezmlm-web] no 'webusers' file found ('$WEBUSERS_FILE'): "
+				. "access denied.";
+		return (1==0);
+	}

 	# Read create-permission from webusers file.
 	# the special listname "ALLOW_CREATE" controls, who is allowed to do it