From a8a6d262be032d68fa81980da5743750e939f4df Mon Sep 17 00:00:00 2001
From: Ben Klang <ben@alkaloid.net>
Date: Thu, 31 Dec 2009 16:51:09 -0500
Subject: [PATCH] Shout: verify the passed-in context is valid

---
 shout/lib/base.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/shout/lib/base.php b/shout/lib/base.php
index 4ec1df0c2..a086cca63 100644
--- a/shout/lib/base.php
+++ b/shout/lib/base.php
@@ -59,7 +59,7 @@ $notification->attach('status');
 //// UI classes.
 //require_once 'Horde/UI/Tabs.php';
 
-$shout_storage = Shout_Driver::factory('storage');
+$shout_contexts = Shout_Driver::factory('storage');
 $shout_extensions = Shout_Driver::factory('extensions');
 $shout_devices = Shout_Driver::factory('devices');
 
@@ -67,7 +67,7 @@ $context = Horde_Util::getFormData('context');
 $section = Horde_Util::getFormData('section');
 
 try {
-    $contexts = $shout_storage->getContexts();
+    $contexts = $shout_contexts->getContexts();
 } catch (Shout_Exception $e) {
     $notification->push($e);
     $contexts = false;
@@ -75,13 +75,16 @@ try {
 
 if (count($contexts) == 1) {
     // Default to the user's only context
+    if (!empty($context) && $context != $contexts[0]) {
+        $notification->push(_("You do not have permission to access that context."), 'horde.error');
+    }
     $context = $contexts[0];
 } elseif (!empty($context) && !in_array($context, $contexts)) {
-    $notification->push('You do not have permission to access that context.', 'horde.error');
+    $notification->push(_("You do not have permission to access that context."), 'horde.error');
     $context = false;
 } elseif (!empty($context)) {
     $notification->push("Please select a context to continue.", 'horde.info');
     $context = false;
 }
 
-$_SESSION['shout']['context'] = $context;
\ No newline at end of file
+$_SESSION['shout']['context'] = $context;
-- 
2.11.0