From be4ffc74a3276e9324786e78e322208ffa347a0e Mon Sep 17 00:00:00 2001
From: lars <lars@systemausfall.org>
Date: Tue, 30 Sep 2008 02:47:04 +0000
Subject: [PATCH] web interface code: * allow list access even if no webusers
 file exists, if there is no login   authentication configured * output a
 warning, if no webusers file exists

---
 ezmlm-web.cgi | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/ezmlm-web.cgi b/ezmlm-web.cgi
index 06907db..08567e5 100755
--- a/ezmlm-web.cgi
+++ b/ezmlm-web.cgi
@@ -2570,12 +2570,16 @@ sub save_text {
 sub webauth {
 	my $listname = shift;
    
-	# Check if webusers file exists - if not, then access is granted
-	return (1==0) if (! -e "$WEBUSERS_FILE");
-
 	# if there was no user authentication, then everything is allowed
 	return (0==0) if (!$LOGIN_NAME);
 
+	# Check if webusers file exists - if not, then access is granted
+	if (! -e "$WEBUSERS_FILE") {
+		warn "[ezmlm-web] no 'webusers' file found ('$WEBUSERS_FILE'): "
+				. "access denied.";
+		return (1==0);
+	}
+
 	# Read authentication level from webusers file. Format of this file is
 	# somewhat similar to the unix groups file
 	unless (open (USERS, "<$WEBUSERS_FILE")) {
@@ -2619,7 +2623,11 @@ sub webauth_create_allowed {
 	return (0==0) if (!$LOGIN_NAME);
 
 	# Check if webusers file exists - if not, then access is granted
-	return (1==0) if (! -e "$WEBUSERS_FILE");
+	if (! -e "$WEBUSERS_FILE") {
+		warn "[ezmlm-web] no 'webusers' file found ('$WEBUSERS_FILE'): "
+				. "access denied.";
+		return (1==0);
+	}
 
 	# Read create-permission from webusers file.
 	# the special listname "ALLOW_CREATE" controls, who is allowed to do it