Make events show again.
authorThomas Tanghus <thomas@tanghus.net>
Thu, 14 Jun 2012 22:26:34 +0000 (00:26 +0200)
committerThomas Tanghus <thomas@tanghus.net>
Thu, 14 Jun 2012 22:26:34 +0000 (00:26 +0200)
apps/calendar/ajax/events.php

index b0c5587633fe910de8bcf0fc5e04222b5246dc9b..3f29f1e5eff8a122860eddfb5808b428704ae076 100644 (file)
@@ -13,16 +13,15 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
 
 // Look for the calendar id
-$calendar_id = OC_Calendar_App::getCalendar($_GET['calendar_id'], false, false);
-if($calendar_id !== false){
-       if(! is_numeric($calendar_id['userid']) && $calendar_id['userid'] != OCP\User::getUser()){
-               OCP\JSON::error();
-               exit;
+$calendar_id = null;
+if (strval(intval($_GET['calendar_id'])) == strval($_GET['calendar_id'])) { // integer for sure.
+       $id = intval($_GET['calendar_id']);
+       $calendarrow = OC_Calendar_App::getCalendar($id, true, false); // Let's at least security check otherwise we might as well use OC_Calendar_Calendar::find()
+       if($calendarrow !== false && is_int($calendar_id['userid']) && $id == $calendar_id['userid']) {
+               $calendar_id = $id;
        }
 }
-else {
-       $calendar_id = $_GET['calendar_id'];
-}
+$calendar_id = (is_null($calendar_id)?strip_tags($_GET['calendar_id']):$calendar_id);
 
 $start = (version_compare(PHP_VERSION, '5.3.0', '>='))?DateTime::createFromFormat('U', $_GET['start']):new DateTime('@' . $_GET['start']);
 $end = (version_compare(PHP_VERSION, '5.3.0', '>='))?DateTime::createFromFormat('U', $_GET['end']):new DateTime('@' . $_GET['end']);
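Review bot: The ownership test `if($calendarrow !== false && is_int($calendar_id['userid']) && $id == $calendar_id['userid'])` reads `$calendar_id`, which is still null at that point, and compares the calendar id with a user id, so the branch cannot succeed for the row just fetched into `$calendarrow`. Every request therefore falls through to `strip_tags($_GET['calendar_id'])`, which removes markup but is not an access check. The condition should test the fetched row against the session user, e.g. `if ($calendarrow !== false && $calendarrow['userid'] == OCP\User::getUser()) {`, and a numeric id that fails it should end with `OCP\JSON::error(); exit;` as the removed code did, rather than being passed on. Whether the `true` passed as getCalendar's second argument already enforces ownership is not visible in this hunk, so confirm that before relying on it.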