mail_user_edit.php still has a code problem (related to client can set 0 for quota)
So before I updated to 3.0.5.4p3 the client could set its own quota to 0. I took some time and I figured out that the code is checking $this->oldDataRecord in onSubmit, but it will be set in onUpdate which is called from onSubmit later. After I installed 3.0.5.4p3 this has been fixed, but I see the problem still exists and it's been fixed by an added extra compare to $_POST['quota'] to make a workaround for the oldDataRecord check which is actually unnecessary:
169: if(isset($_POST["quota"]) && $client["limit_mailquota"] >= 0 && (($app->functions->intval($this->dataRecord["quota"]) * 1024 * 1024 != $this->oldDataRecord['quota']) || ($_POST["quota"] <= 0))) {
The only problem with this is that the $this->oldDataRecord is null, because it will be initialized later in onUpdate so this line of code can be simply replaced with this:
169: if(isset($_POST["quota"]) && $client["limit_mailquota"] >= 0) {
File: ispconfig/interface/web/mail/mail_user_edit.php