From c4ee924869fde31d41c47cd05d0f6c9ff4c16bdf Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Sat, 11 Feb 2012 21:48:45 +0100 Subject: [PATCH] Cleanup OC_Contacts_Addressbook::find usage Use OC_Contacts_App::getAddressbook($id) instead of OC_Contacts_Addressbook::find($id), it contains access checks. --- apps/contacts/import.php | 6 +----- apps/contacts/photo.php | 14 +------------- apps/contacts/thumbnail.php | 16 +--------------- 3 files changed, 3 insertions(+), 33 deletions(-) diff --git a/apps/contacts/import.php b/apps/contacts/import.php index 9008208db59..4638bf0d73c 100644 --- a/apps/contacts/import.php +++ b/apps/contacts/import.php @@ -22,12 +22,8 @@ if($_POST['method'] == 'new'){ $id = OC_Contacts_Addressbook::add(OC_User::getUser(), $_POST['addressbookname']); OC_Contacts_Addressbook::setActive($id, 1); }else{ - $contacts = OC_Contacts_Addressbook::find($_POST['id']); - if($contacts['userid'] != OC_USER::getUser()){ - OC_JSON::error(); - exit(); - } $id = $_POST['id']; + OC_Contacts_App::getAddressbook($id); // is owner access check } //analyse the contacts file if(is_writable('import_tmp/')){ diff --git a/apps/contacts/photo.php b/apps/contacts/photo.php index 756aae63c4d..9566764e70a 100644 --- a/apps/contacts/photo.php +++ b/apps/contacts/photo.php @@ -31,19 +31,7 @@ if(isset($GET['refresh'])) { } $l10n = new OC_L10N('contacts'); -$card = OC_Contacts_VCard::find( $id ); -if( $card === false ){ - echo $l10n->t('Contact could not be found.'); - exit(); -} - -$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] ); -if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){ - echo $l10n->t('This is not your contact.'); // This is a weird error, why would it come up? (Better feedback for users?) - exit(); -} - -$content = OC_VObject::parse($card['carddata']); +$content = OC_Contacts_App::getContactVCard($id); $image = new OC_Image(); // invalid vcard if( is_null($content)){ diff --git a/apps/contacts/thumbnail.php b/apps/contacts/thumbnail.php index 36d395171a9..b981fdbe1e7 100644 --- a/apps/contacts/thumbnail.php +++ b/apps/contacts/thumbnail.php @@ -50,21 +50,7 @@ $id = $_GET['id']; $l10n = new OC_L10N('contacts'); -$card = OC_Contacts_VCard::find( $id ); -if( $card === false ){ - OC_Log::write('contacts','thumbnail.php. Contact could not be found: '.$id,OC_Log::ERROR); - getStandardImage(); - exit(); -} - -// FIXME: Is this check necessary? It just takes up CPU time. -$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] ); -if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){ - OC_Log::write('contacts','thumbnail.php. Wrong contact/addressbook - WTF?',OC_Log::ERROR); - exit(); -} - -$content = OC_VObject::parse($card['carddata']); +$content = OC_Contacts_App::getContactVCard($id); // invalid vcard if( is_null($content)){ -- 2.39.5