]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: afcb0ae)
check permission check in share function
authorGeorg Ehrke <dev@georgswebsite.de>
Fri, 13 Apr 2012 21:16:28 +0000 (17:16 -0400)
committerGeorg Ehrke <dev@georgswebsite.de>
Fri, 13 Apr 2012 21:16:28 +0000 (17:16 -0400)
apps/calendar/ajax/share/share.php patch | blob | history

diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php
index 92c3eb90d3b7566ba54deba99cebc9d50307d6c7..2e81040b4776906387ad016a9d8a85f92b1c4cd4 100644 (file)
--- a/apps/calendar/ajax/share/share.php
+++ b/apps/calendar/ajax/share/share.php
@@ -16,6 +16,14 @@ switch($idtype){
                OC_JSON::error(array('message'=>'unexspected parameter'));
                exit;
 }
+if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){
+       OC_JSON::error(array('message'=>'permission denied'));
+       exit;
+}
+if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
+       OC_JSON::error(array('message'=>'permission denied'));
+       exit;
+}
 $sharewith = $_GET['sharewith'];
 $sharetype = strip_tags($_GET['sharetype']);
 switch($sharetype){
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server