Use OC_Contacts_App::getAddressbook($id) instead of OC_Contacts_Addressbook::find($id), it contains access checks.
$id = OC_Contacts_Addressbook::add(OC_User::getUser(), $_POST['addressbookname']);
OC_Contacts_Addressbook::setActive($id, 1);
}else{
- $contacts = OC_Contacts_Addressbook::find($_POST['id']);
- if($contacts['userid'] != OC_USER::getUser()){
- OC_JSON::error();
- exit();
- }
$id = $_POST['id'];
+ OC_Contacts_App::getAddressbook($id); // is owner access check
}
//analyse the contacts file
if(is_writable('import_tmp/')){
}
$l10n = new OC_L10N('contacts');
-$card = OC_Contacts_VCard::find( $id );
-if( $card === false ){
- echo $l10n->t('Contact could not be found.');
- exit();
-}
-
-$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] );
-if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){
- echo $l10n->t('This is not your contact.'); // This is a weird error, why would it come up? (Better feedback for users?)
- exit();
-}
-
-$content = OC_VObject::parse($card['carddata']);
+$content = OC_Contacts_App::getContactVCard($id);
$image = new OC_Image();
// invalid vcard
if( is_null($content)){
$l10n = new OC_L10N('contacts');
-$card = OC_Contacts_VCard::find( $id );
-if( $card === false ){
- OC_Log::write('contacts','thumbnail.php. Contact could not be found: '.$id,OC_Log::ERROR);
- getStandardImage();
- exit();
-}
-
-// FIXME: Is this check necessary? It just takes up CPU time.
-$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] );
-if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){
- OC_Log::write('contacts','thumbnail.php. Wrong contact/addressbook - WTF?',OC_Log::ERROR);
- exit();
-}
-
-$content = OC_VObject::parse($card['carddata']);
+$content = OC_Contacts_App::getContactVCard($id);
// invalid vcard
if( is_null($content)){
projects / nextcloud-server.git / commitdiff