From: Georg Ehrke <dev@georgswebsite.de>
Date: Mon, 14 May 2012 13:33:00 +0000 (+0200)
Subject: check user permissions in calendar's unshare.php
X-Git-Tag: v4.0.0RC2~68
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=55eb318265773c3717d36abb38f90b1feae62107;p=nextcloud-server.git

check user permissions in calendar's unshare.php
---

diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index cbd5ed8e505..fe7c98452d7 100755
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -16,6 +16,14 @@ switch($idtype){
 		OCP\JSON::error(array('message'=>'unexspected parameter'));
 		exit;
 }
+if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){
+	OCP\JSON::error(array('message'=>'permission denied'));
+	exit;
+}
+if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
+	OCP\JSON::error(array('message'=>'permission denied'));
+	exit;
+}
 $sharewith = $_GET['sharewith'];
 $sharetype = strip_tags($_GET['sharetype']);
 switch($sharetype){