mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Cleanup OC_Contacts_Addressbook::find usage 

Use OC_Contacts_App::getAddressbook($id) instead of OC_Contacts_Addressbook::find($id), it contains access checks.
This commit is contained in:
Bart Visscher 2012-02-11 21:48:45 +01:00
parent 192b8906a3
commit c4ee924869
3 changed files with 3 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/contacts/import.php
View File

@ -22,12 +22,8 @@ if($_POST['method'] == 'new'){
$id = OC_Contacts_Addressbook::add(OC_User::getUser(), $_POST['addressbookname']); $id = OC_Contacts_Addressbook::add(OC_User::getUser(), $_POST['addressbookname']);
OC_Contacts_Addressbook::setActive($id, 1); OC_Contacts_Addressbook::setActive($id, 1);
}else{ }else{
$contacts = OC_Contacts_Addressbook::find($_POST['id']);
if($contacts['userid'] != OC_USER::getUser()){
OC_JSON::error();
exit();
}
$id = $_POST['id']; $id = $_POST['id'];
OC_Contacts_App::getAddressbook($id); // is owner access check
} }
//analyse the contacts file //analyse the contacts file
if(is_writable('import_tmp/')){ if(is_writable('import_tmp/')){

14
apps/contacts/photo.php
View File

@ -31,19 +31,7 @@ if(isset($GET['refresh'])) {
} }
$l10n = new OC_L10N('contacts'); $l10n = new OC_L10N('contacts');
$card = OC_Contacts_VCard::find( $id ); $content = OC_Contacts_App::getContactVCard($id);
if( $card === false ){
echo $l10n->t('Contact could not be found.');
exit();
}
$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] );
if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){
echo $l10n->t('This is not your contact.'); // This is a weird error, why would it come up? (Better feedback for users?)
exit();
}
$content = OC_VObject::parse($card['carddata']);
$image = new OC_Image(); $image = new OC_Image();
// invalid vcard // invalid vcard
if( is_null($content)){ if( is_null($content)){

16
apps/contacts/thumbnail.php
View File

@ -50,21 +50,7 @@ $id = $_GET['id'];
$l10n = new OC_L10N('contacts'); $l10n = new OC_L10N('contacts');
$card = OC_Contacts_VCard::find( $id ); $content = OC_Contacts_App::getContactVCard($id);
if( $card === false ){
OC_Log::write('contacts','thumbnail.php. Contact could not be found: '.$id,OC_Log::ERROR);
getStandardImage();
exit();
}
// FIXME: Is this check necessary? It just takes up CPU time.
$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] );
if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){
OC_Log::write('contacts','thumbnail.php. Wrong contact/addressbook - WTF?',OC_Log::ERROR);
exit();
}
$content = OC_VObject::parse($card['carddata']);
// invalid vcard // invalid vcard
if( is_null($content)){ if( is_null($content)){