fix calendar vulnerability
This commit is contained in:
parent
010b97febd
commit
0ce1cbdd14
|
@ -12,10 +12,16 @@ require_once('when/When.php');
|
|||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('calendar');
|
||||
|
||||
$calendar = OC_Calendar_App::getCalendar($_GET['calendar_id'], false, false);
|
||||
if($calendar['userid'] != OCP\User::getUser){
|
||||
OCP\JSON::error();
|
||||
exit;
|
||||
}
|
||||
|
||||
$start = (version_compare(PHP_VERSION, '5.3.0', '>='))?DateTime::createFromFormat('U', $_GET['start']):new DateTime('@' . $_GET['start']);
|
||||
$end = (version_compare(PHP_VERSION, '5.3.0', '>='))?DateTime::createFromFormat('U', $_GET['end']):new DateTime('@' . $_GET['end']);
|
||||
|
||||
$events = OC_Calendar_App::getrequestedEvents($_GET['calendar_id'], $start, $end);
|
||||
$events = OC_Calendar_App::getrequestedEvents($id, $start, $end);
|
||||
|
||||
$output = array();
|
||||
foreach($events as $event){
|
||||
|
|
Loading…
Reference in New Issue