From: Georg Ehrke <dev@georgswebsite.de>
Date: Fri, 13 Apr 2012 03:15:19 +0000 (-0400)
Subject: fix calendarid in eventform and validation of calendarid
X-Git-Tag: v4.0.0beta~244^2~17
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=df2e788a1c29648d5d01f02166eef6cfb5a526c0;p=nextcloud-server.git

fix calendarid in eventform and validation of calendarid
---

diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php
index 6783462eaf1..8db0ba79406 100644
--- a/apps/calendar/ajax/event/edit.form.php
+++ b/apps/calendar/ajax/event/edit.form.php
@@ -195,6 +195,8 @@ if($data['repeating'] == 1){
 }
 if($access == 'owner'){
 	$calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
+}else{
+	$calendar_options = array(OC_Calendar_App::getCalendar($data['calendarid'], false));
 }
 $category_options = OC_Calendar_App::getCategoryOptions();
 $repeat_options = OC_Calendar_App::getRepeatOptions();
diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php
index 8cd25bca00c..ab005bd4a4a 100644
--- a/apps/calendar/lib/object.php
+++ b/apps/calendar/lib/object.php
@@ -451,11 +451,6 @@ class OC_Calendar_Object{
 			$errarr['title'] = 'true';
 			$errnum++;
 		}
-		$calendar = OC_Calendar_App::getCalendar($request['calendar'], true, true);
-		if(!$calendar){
-			$errarr['cal'] = 'true';
-			$errnum++;
-		}
 
 		if(isset($request['categories']) && !is_array($request['categories'])){
 			$errarr['categories'] = $l10n->t('Not an array');
diff --git a/apps/calendar/lib/share.php b/apps/calendar/lib/share.php
index 40f220fcaab..0c656f2d6ee 100644
--- a/apps/calendar/lib/share.php
+++ b/apps/calendar/lib/share.php
@@ -211,17 +211,17 @@ class OC_Calendar_Share{
 	 */
 	public static function check_access($share, $id, $type){
 		$group_where = self::group_sql(OC_Group::getUserGroups($share));
-		$stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE ((share = ? AND sharetype = "user") ' . $group_where . ')');
-		$result = $stmt->execute(array($share));
+		$stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE (' . $type . 'id = ? AND (share = ? AND sharetype = "user") ' . $group_where . ')');
+		$result = $stmt->execute(array($id,$share));
 		$rows =  $result->numRows();
 		if($rows > 0){
 			return true;
-		}
-		if($type == self::EVENT){
+		}elseif($type == self::EVENT){
 			$event = OC_Calendar_App::getEventObject($id, false, false);
 			return self::check_access($share, $event['calendarid'], self::CALENDAR);
+		}else{
+			return false;
 		}
-		return false;
 	}
         /*
          * @brief: returns the calendardata of an event or a calendar
diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php
index 36c741b3a39..05e37243a19 100644
--- a/apps/calendar/templates/part.eventform.php
+++ b/apps/calendar/templates/part.eventform.php
@@ -44,7 +44,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
 			<?php } else { ?>
 			<th width="75px">&nbsp;</th>
 			<td>
-				<input type="hidden" name="calendar" value="<?php echo $_['calendar']; ?>">
+				<input type="hidden" name="calendar" value="<?php echo $_['calendar_options'][0]['id']; ?>">
 			</td>
 			<?php } ?>
 		</tr>