diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-04-13 17:16:28 -0400 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-04-13 17:16:28 -0400 |
| commit | 1e0364baa85b063debb2c1248585d97cd61a8a1f (patch) | |
| tree | b439ffce625256da5c3d5d86b6802be06f82a6a0 /apps/calendar | |
| parent | afcb0aee40230c68dd99f5ea2501b7ba7e444560 (diff) | |
| download | nextcloud-server-1e0364baa85b063debb2c1248585d97cd61a8a1f.tar.gz nextcloud-server-1e0364baa85b063debb2c1248585d97cd61a8a1f.zip | |
check permission check in share function
Diffstat (limited to 'apps/calendar')
| -rw-r--r-- | apps/calendar/ajax/share/share.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php index 92c3eb90d3b..2e81040b477 100644 --- a/apps/calendar/ajax/share/share.php +++ b/apps/calendar/ajax/share/share.php @@ -16,6 +16,14 @@ switch($idtype){ OC_JSON::error(array('message'=>'unexspected parameter')); exit; } +if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){ + OC_JSON::error(array('message'=>'permission denied')); + exit; +} +if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ + OC_JSON::error(array('message'=>'permission denied')); + exit; +} $sharewith = $_GET['sharewith']; $sharetype = strip_tags($_GET['sharetype']); switch($sharetype){ |