diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-05-14 15:33:00 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-05-14 15:42:16 +0200 |
| commit | 55eb318265773c3717d36abb38f90b1feae62107 (patch) | |
| tree | 8915c30a78126cc70cffdc5ac72ac3f8614d7f2e | |
| parent | bda2dbec1f45b3aaed93ade98553e71cf1911d68 (diff) | |
| download | nextcloud-server-55eb318265773c3717d36abb38f90b1feae62107.tar.gz nextcloud-server-55eb318265773c3717d36abb38f90b1feae62107.zip | |
check user permissions in calendar's unshare.php
| -rwxr-xr-x | apps/calendar/ajax/share/unshare.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php index cbd5ed8e505..fe7c98452d7 100755 --- a/apps/calendar/ajax/share/unshare.php +++ b/apps/calendar/ajax/share/unshare.php @@ -16,6 +16,14 @@ switch($idtype){ OCP\JSON::error(array('message'=>'unexspected parameter')); exit; } +if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} +if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} $sharewith = $_GET['sharewith']; $sharetype = strip_tags($_GET['sharetype']); switch($sharetype){ |