fix calendar vulnerability

This commit is contained in:
Georg Ehrke 2012-05-08 08:46:14 +02:00
parent 010b97febd
commit 0ce1cbdd14
1 changed files with 7 additions and 1 deletions

View File

@ -12,10 +12,16 @@ require_once('when/When.php');
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
$calendar = OC_Calendar_App::getCalendar($_GET['calendar_id'], false, false);
if($calendar['userid'] != OCP\User::getUser){
OCP\JSON::error();
exit;
}
$start = (version_compare(PHP_VERSION, '5.3.0', '>='))?DateTime::createFromFormat('U', $_GET['start']):new DateTime('@' . $_GET['start']);
$end = (version_compare(PHP_VERSION, '5.3.0', '>='))?DateTime::createFromFormat('U', $_GET['end']):new DateTime('@' . $_GET['end']);
$events = OC_Calendar_App::getrequestedEvents($_GET['calendar_id'], $start, $end);
$events = OC_Calendar_App::getrequestedEvents($id, $start, $end);
$output = array();
foreach($events as $event){