diff options
| author | Bart Visscher <bartv@thisnet.nl> | 2012-02-11 21:48:45 +0100 |
|---|---|---|
| committer | Bart Visscher <bartv@thisnet.nl> | 2012-02-12 15:14:23 +0100 |
| commit | c4ee924869fde31d41c47cd05d0f6c9ff4c16bdf (patch) | |
| tree | df956456308f7ff86c87b56634df93fc532e1d47 /apps/contacts | |
| parent | 192b8906a38aed893b9148954beaf6af85035d40 (diff) | |
| download | nextcloud-server-c4ee924869fde31d41c47cd05d0f6c9ff4c16bdf.tar.gz nextcloud-server-c4ee924869fde31d41c47cd05d0f6c9ff4c16bdf.zip | |
Cleanup OC_Contacts_Addressbook::find usage
Use OC_Contacts_App::getAddressbook($id) instead of OC_Contacts_Addressbook::find($id), it contains access checks.
Diffstat (limited to 'apps/contacts')
| -rw-r--r-- | apps/contacts/import.php | 6 | ||||
| -rw-r--r-- | apps/contacts/photo.php | 14 | ||||
| -rw-r--r-- | apps/contacts/thumbnail.php | 16 |
3 files changed, 3 insertions, 33 deletions
diff --git a/apps/contacts/import.php b/apps/contacts/import.php index 9008208db59..4638bf0d73c 100644 --- a/apps/contacts/import.php +++ b/apps/contacts/import.php @@ -22,12 +22,8 @@ if($_POST['method'] == 'new'){ $id = OC_Contacts_Addressbook::add(OC_User::getUser(), $_POST['addressbookname']); OC_Contacts_Addressbook::setActive($id, 1); }else{ - $contacts = OC_Contacts_Addressbook::find($_POST['id']); - if($contacts['userid'] != OC_USER::getUser()){ - OC_JSON::error(); - exit(); - } $id = $_POST['id']; + OC_Contacts_App::getAddressbook($id); // is owner access check } //analyse the contacts file if(is_writable('import_tmp/')){ diff --git a/apps/contacts/photo.php b/apps/contacts/photo.php index 756aae63c4d..9566764e70a 100644 --- a/apps/contacts/photo.php +++ b/apps/contacts/photo.php @@ -31,19 +31,7 @@ if(isset($GET['refresh'])) { } $l10n = new OC_L10N('contacts'); -$card = OC_Contacts_VCard::find( $id ); -if( $card === false ){ - echo $l10n->t('Contact could not be found.'); - exit(); -} - -$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] ); -if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){ - echo $l10n->t('This is not your contact.'); // This is a weird error, why would it come up? (Better feedback for users?) - exit(); -} - -$content = OC_VObject::parse($card['carddata']); +$content = OC_Contacts_App::getContactVCard($id); $image = new OC_Image(); // invalid vcard if( is_null($content)){ diff --git a/apps/contacts/thumbnail.php b/apps/contacts/thumbnail.php index 36d395171a9..b981fdbe1e7 100644 --- a/apps/contacts/thumbnail.php +++ b/apps/contacts/thumbnail.php @@ -50,21 +50,7 @@ $id = $_GET['id']; $l10n = new OC_L10N('contacts'); -$card = OC_Contacts_VCard::find( $id ); -if( $card === false ){ - OC_Log::write('contacts','thumbnail.php. Contact could not be found: '.$id,OC_Log::ERROR); - getStandardImage(); - exit(); -} - -// FIXME: Is this check necessary? It just takes up CPU time. -$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] ); -if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){ - OC_Log::write('contacts','thumbnail.php. Wrong contact/addressbook - WTF?',OC_Log::ERROR); - exit(); -} - -$content = OC_VObject::parse($card['carddata']); +$content = OC_Contacts_App::getContactVCard($id); // invalid vcard if( is_null($content)){ |