]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bda2dbe)
check user permissions in calendar's unshare.php
authorGeorg Ehrke <dev@georgswebsite.de>
Mon, 14 May 2012 13:33:00 +0000 (15:33 +0200)
committerGeorg Ehrke <dev@georgswebsite.de>
Mon, 14 May 2012 13:42:16 +0000 (15:42 +0200)
apps/calendar/ajax/share/unshare.php patch | blob | history

diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index cbd5ed8e505bbe8c511e919578316be2c8a2c49d..fe7c98452d7e14528dd4d9532944d1ee51350756 100755 (executable)
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -16,6 +16,14 @@ switch($idtype){
                OCP\JSON::error(array('message'=>'unexspected parameter'));
                exit;
 }
+if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){
+       OCP\JSON::error(array('message'=>'permission denied'));
+       exit;
+}
+if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
+       OCP\JSON::error(array('message'=>'permission denied'));
+       exit;
+}
 $sharewith = $_GET['sharewith'];
 $sharetype = strip_tags($_GET['sharetype']);
 switch($sharetype){
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server