author | Georg Ehrke <dev@georgswebsite.de> | 2012-05-17 22:17:06 +0200 |
---|---|---|
committer | Georg Ehrke <dev@georgswebsite.de> | 2012-05-17 22:17:06 +0200 |
commit | 38b93653a1eb6f4a32c6d76a92475eae2aefe7e4 (patch) | |
tree | 77f9a39a8a6be0f4ab663517b8ddf9929558789d /apps/calendar/ajax | |
parent | 6e9ed3791bd5901b5e05587aec476d882f958029 (diff) | |
parent | fbe0d0d4fd1bb7d287a9cff57637b02c34a83a56 (diff) | |
Merge branch 'master' into calendar_dropimport
Diffstat (limited to 'apps/calendar/ajax')
33 files changed, 36 insertions, 4 deletions
diff --git a/apps/calendar/ajax/calendar/activation.php b/apps/calendar/ajax/calendar/activation.php index 3523590aa27..380db6a9437 100755..100644 --- a/apps/calendar/ajax/calendar/activation.php +++ b/apps/calendar/ajax/calendar/activation.php @@ -10,7 +10,11 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('calendar'); $calendarid = $_POST['calendarid']; -$calendar = OC_Calendar_App::getCalendar($calendarid);//access check +$calendar = OC_Calendar_App::getCalendar($calendarid, true); +if(!$calendar){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']); $calendar = OC_Calendar_App::getCalendar($calendarid); OCP\JSON::success(array( diff --git a/apps/calendar/ajax/calendar/delete.php b/apps/calendar/ajax/calendar/delete.php index a36a0534650..9e092f2df1d 100755..100644 --- a/apps/calendar/ajax/calendar/delete.php +++ b/apps/calendar/ajax/calendar/delete.php @@ -11,7 +11,11 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('calendar'); $cal = $_POST["calendarid"]; -$calendar = OC_Calendar_App::getCalendar($cal); +$calendar = OC_Calendar_App::getCalendar($cal, true); +if(!$calendar){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} $del = OC_Calendar_Calendar::deleteCalendar($cal); if($del == true){ OCP\JSON::success(); diff --git a/apps/calendar/ajax/calendar/edit.form.php b/apps/calendar/ajax/calendar/edit.form.php index 77366809311..77366809311 100755..100644 --- a/apps/calendar/ajax/calendar/edit.form.php +++ b/apps/calendar/ajax/calendar/edit.form.php diff --git a/apps/calendar/ajax/calendar/edit.php b/apps/calendar/ajax/calendar/edit.php index 77366809311..516c9f6c765 100755..100644 --- a/apps/calendar/ajax/calendar/edit.php +++ b/apps/calendar/ajax/calendar/edit.php 
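Review bot: In apps/calendar/ajax/calendar/activation.php the handler still goes from `OCP\JSON::checkLoggedIn()` to `setCalendarActive()` on POST data with no request-token check visible in the hunk. The new ownership guard stops another user's calendar being toggled, but not a forged cross-site request made in the owner's own session. If this tree already ships the public CSRF helper, add `OCP\JSON::callCheck();` after `OCP\JSON::checkAppEnabled('calendar');`; the lines above the hunk are not shown, so confirm it is not already there. The same applies to the delete.php and update.php hunks, which also write on POST input.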
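Review bot: In apps/calendar/ajax/calendar/delete.php the bare `true` in `getCalendar($cal, true)` does not say what it switches on, and the `//access check` comment that marked this call in activation.php and update.php is removed by the commit. A one-line comment above the guard would keep the intent readable, e.g. `// second argument requests the access check; a falsy result means the caller may not use this calendar`. That wording is taken from what the guard implies, since getCalendar() itself is not shown here. `$calendar` is used only for the test, so `if(!OC_Calendar_App::getCalendar($cal, true)){` would also drop the otherwise unused variable. The script continues past the end of the hunk.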
@@ -11,7 +11,11 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('calendar'); $calendarcolor_options = OC_Calendar_Calendar::getCalendarColorOptions(); -$calendar = OC_Calendar_App::getCalendar($_GET['calendarid']); +$calendar = OC_Calendar_App::getCalendar($_GET['calendarid'], true); +if(!$calendar){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} $tmpl = new OCP\Template("calendar", "part.editcalendar"); $tmpl->assign('new', false); $tmpl->assign('calendarcolor_options', $calendarcolor_options); diff --git a/apps/calendar/ajax/calendar/new.form.php b/apps/calendar/ajax/calendar/new.form.php index ee46757f56b..ee46757f56b 100755..100644 --- a/apps/calendar/ajax/calendar/new.form.php +++ b/apps/calendar/ajax/calendar/new.form.php diff --git a/apps/calendar/ajax/calendar/new.php b/apps/calendar/ajax/calendar/new.php index 76dbef6b9df..76dbef6b9df 100755..100644 --- a/apps/calendar/ajax/calendar/new.php +++ b/apps/calendar/ajax/calendar/new.php diff --git a/apps/calendar/ajax/calendar/overview.php b/apps/calendar/ajax/calendar/overview.php index 96312537507..96312537507 100755..100644 --- a/apps/calendar/ajax/calendar/overview.php +++ b/apps/calendar/ajax/calendar/overview.php diff --git a/apps/calendar/ajax/calendar/update.php b/apps/calendar/ajax/calendar/update.php index 3b1cc32b316..dce0027304a 100755..100644 --- a/apps/calendar/ajax/calendar/update.php +++ b/apps/calendar/ajax/calendar/update.php @@ -25,7 +25,11 @@ foreach($calendars as $cal){ } $calendarid = $_POST['id']; -$calendar = OC_Calendar_App::getCalendar($calendarid);//access check +$calendar = OC_Calendar_App::getCalendar($calendarid, true); +if(!$calendar){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} OC_Calendar_Calendar::editCalendar($calendarid, strip_tags($_POST['name']), null, null, null, $_POST['color']); OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']); 
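Review bot: In apps/calendar/ajax/calendar/edit.php the denial path answers with `OCP\JSON::error(...)` while the success path builds `new OCP\Template("calendar", "part.editcalendar")`, so a caller expecting an HTML fragment gets a JSON body on failure. Check that the client code loading this form handles the JSON error rather than inserting it into the page. The output call is below the hunk, so this is inferred from the template lines. `$_GET['calendarid']` is also read without an `isset()` test, which raises a notice for a missing parameter before the guard rejects it.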
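Review bot: In apps/calendar/ajax/calendar/update.php the call that now runs after the guard passes `strip_tags($_POST['name'])` but hands `$_POST['color']` and `$_POST['active']` through unchanged. If the colour is later written into markup or a style attribute it should be validated first, for example against the values from `OC_Calendar_Calendar::getCalendarColorOptions()` (used in edit.php) or a strict hex-colour pattern, and `active` normalised to the type the setter expects. How editCalendar() stores these values is not visible here, so treat this as a check to confirm rather than a confirmed flaw. The guard also sits after the `foreach($calendars as $cal)` loop that starts above the hunk.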
diff --git a/apps/calendar/ajax/categories/rescan.php b/apps/calendar/ajax/categories/rescan.php
index 93e8c50954a..93e8c50954a 100755..100644
--- a/apps/calendar/ajax/categories/rescan.php
+++ b/apps/calendar/ajax/categories/rescan.php
diff --git a/apps/calendar/ajax/changeview.php b/apps/calendar/ajax/changeview.php
index 2c2d09ccb12..2c2d09ccb12 100755..100644
--- a/apps/calendar/ajax/changeview.php
+++ b/apps/calendar/ajax/changeview.php
diff --git a/apps/calendar/ajax/event/delete.php b/apps/calendar/ajax/event/delete.php
index cb30621af4d..cb30621af4d 100755..100644
--- a/apps/calendar/ajax/event/delete.php
+++ b/apps/calendar/ajax/event/delete.php
diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php
index f2ea84dd205..f2ea84dd205 100755..100644
--- a/apps/calendar/ajax/event/edit.form.php
+++ b/apps/calendar/ajax/event/edit.form.php
diff --git a/apps/calendar/ajax/event/edit.php b/apps/calendar/ajax/event/edit.php
index e615fb093de..e615fb093de 100755..100644
--- a/apps/calendar/ajax/event/edit.php
+++ b/apps/calendar/ajax/event/edit.php
diff --git a/apps/calendar/ajax/event/move.php b/apps/calendar/ajax/event/move.php
index 8added69143..8added69143 100755..100644
--- a/apps/calendar/ajax/event/move.php
+++ b/apps/calendar/ajax/event/move.php
diff --git a/apps/calendar/ajax/event/new.form.php b/apps/calendar/ajax/event/new.form.php
index 91b85fff07f..91b85fff07f 100755..100644
--- a/apps/calendar/ajax/event/new.form.php
+++ b/apps/calendar/ajax/event/new.form.php
diff --git a/apps/calendar/ajax/event/new.php b/apps/calendar/ajax/event/new.php
index 72d57be03bf..72d57be03bf 100755..100644
--- a/apps/calendar/ajax/event/new.php
+++ b/apps/calendar/ajax/event/new.php
diff --git a/apps/calendar/ajax/event/resize.php b/apps/calendar/ajax/event/resize.php
index 0dc0a5fca7f..0dc0a5fca7f 100755..100644
--- a/apps/calendar/ajax/event/resize.php
+++ b/apps/calendar/ajax/event/resize.php
diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php
index 56fa51aaff2..56fa51aaff2 100755..100644
--- a/apps/calendar/ajax/events.php
+++ b/apps/calendar/ajax/events.php
diff --git a/apps/calendar/ajax/import/dialog.php b/apps/calendar/ajax/import/dialog.php
index 3be02d2a6db..3be02d2a6db 100755..100644
--- a/apps/calendar/ajax/import/dialog.php
+++ b/apps/calendar/ajax/import/dialog.php
diff --git a/apps/calendar/ajax/import/import.php b/apps/calendar/ajax/import/import.php
index 202af1eb46e..202af1eb46e 100755..100644
--- a/apps/calendar/ajax/import/import.php
+++ b/apps/calendar/ajax/import/import.php
diff --git a/apps/calendar/ajax/settings/getfirstday.php b/apps/calendar/ajax/settings/getfirstday.php
index 23b71bba043..23b71bba043 100755..100644
--- a/apps/calendar/ajax/settings/getfirstday.php
+++ b/apps/calendar/ajax/settings/getfirstday.php
diff --git a/apps/calendar/ajax/settings/gettimezonedetection.php b/apps/calendar/ajax/settings/gettimezonedetection.php
index 6bc9a07a1e9..6bc9a07a1e9 100755..100644
--- a/apps/calendar/ajax/settings/gettimezonedetection.php
+++ b/apps/calendar/ajax/settings/gettimezonedetection.php
diff --git a/apps/calendar/ajax/settings/guesstimezone.php b/apps/calendar/ajax/settings/guesstimezone.php
index 13092777b78..13092777b78 100755..100644
--- a/apps/calendar/ajax/settings/guesstimezone.php
+++ b/apps/calendar/ajax/settings/guesstimezone.php
diff --git a/apps/calendar/ajax/settings/setfirstday.php b/apps/calendar/ajax/settings/setfirstday.php
index 373eeee7968..373eeee7968 100755..100644
--- a/apps/calendar/ajax/settings/setfirstday.php
+++ b/apps/calendar/ajax/settings/setfirstday.php
diff --git a/apps/calendar/ajax/settings/settimeformat.php b/apps/calendar/ajax/settings/settimeformat.php
index eae7be54e80..eae7be54e80 100755..100644
--- a/apps/calendar/ajax/settings/settimeformat.php
+++ b/apps/calendar/ajax/settings/settimeformat.php
diff --git a/apps/calendar/ajax/settings/settimezone.php b/apps/calendar/ajax/settings/settimezone.php index d2797a08aae..d2797a08aae 100755..100644 --- a/apps/calendar/ajax/settings/settimezone.php +++ b/apps/calendar/ajax/settings/settimezone.php diff --git a/apps/calendar/ajax/settings/timeformat.php b/apps/calendar/ajax/settings/timeformat.php index 809164e870a..809164e870a 100755..100644 --- a/apps/calendar/ajax/settings/timeformat.php +++ b/apps/calendar/ajax/settings/timeformat.php diff --git a/apps/calendar/ajax/settings/timezonedetection.php b/apps/calendar/ajax/settings/timezonedetection.php index ba5f2af5fd9..ba5f2af5fd9 100755..100644 --- a/apps/calendar/ajax/settings/timezonedetection.php +++ b/apps/calendar/ajax/settings/timezonedetection.php diff --git a/apps/calendar/ajax/share/activation.php b/apps/calendar/ajax/share/activation.php index 5526e5230f4..5526e5230f4 100755..100644 --- a/apps/calendar/ajax/share/activation.php +++ b/apps/calendar/ajax/share/activation.php diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php index e4a4f186ab0..2737420c94e 100755..100644 --- a/apps/calendar/ajax/share/changepermission.php +++ b/apps/calendar/ajax/share/changepermission.php @@ -17,6 +17,14 @@ switch($idtype){ OCP\JSON::error(array('message'=>'unexspected parameter')); exit; } +if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} +if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} $sharewith = $_GET['sharewith']; $sharetype = strip_tags($_GET['sharetype']); switch($sharetype){ diff --git a/apps/calendar/ajax/share/dropdown.php b/apps/calendar/ajax/share/dropdown.php index a3b0faca4bf..a3b0faca4bf 100755..100644 --- a/apps/calendar/ajax/share/dropdown.php +++ b/apps/calendar/ajax/share/dropdown.php 
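Review bot: In apps/calendar/ajax/share/changepermission.php the new guards call `OC_Calendar_App::getCalendar($id)` and `getEventObject($id)` without the `true` that this same commit adds to the getCalendar() guards in activation.php, delete.php, edit.php and update.php. Whether the access check runs here therefore depends on a default that is not visible. Pass the flag explicitly, `!OC_Calendar_App::getCalendar($id, true)` (and the equivalent for getEventObject() if it accepts one). Also confirm the check requires ownership rather than mere read access, since a user with whom a calendar is shared should not be able to alter its shares. The `==` comparisons on `$idtype` can be `===`, and the unshare.php hunk has the identical two guards.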
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php index 3ce2bf1e217..3ce2bf1e217 100755..100644 --- a/apps/calendar/ajax/share/share.php +++ b/apps/calendar/ajax/share/share.php diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php index cbd5ed8e505..fe7c98452d7 100755..100644 --- a/apps/calendar/ajax/share/unshare.php +++ b/apps/calendar/ajax/share/unshare.php @@ -16,6 +16,14 @@ switch($idtype){ OCP\JSON::error(array('message'=>'unexspected parameter')); exit; } +if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} +if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} $sharewith = $_GET['sharewith']; $sharetype = strip_tags($_GET['sharetype']); switch($sharetype){ |
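Review bot: In apps/calendar/ajax/share/unshare.php the share is removed using values read from `$_GET` (`$_GET['sharewith']`, `$_GET['sharetype']`), so the state change can be triggered by any cross-site GET and its parameters end up in access logs. Moving the endpoint to POST and reading `$_POST['sharewith']` would match activation.php and delete.php; changepermission.php reads the same `$_GET` keys. `strip_tags()` on `sharetype` is not validation, so the `switch($sharetype)` that follows should reject anything outside its known cases. That switch is below the hunk and not shown.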