aboutsummaryrefslogtreecommitdiffstats
path: root/apps/calendar/ajax/events.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/calendar/ajax/events.php')
-rwxr-xr-xapps/calendar/ajax/events.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php
index b686aff1c72..96ee6775f7f 100755
--- a/apps/calendar/ajax/events.php
+++ b/apps/calendar/ajax/events.php
@@ -21,6 +21,11 @@ if($_GET['calendar_id'] == 'shared'){
$events = array_merge($events, $calendarevents);
}
}else{
+ $calendar = OC_Calendar_Calendar::find($_GET['calendar_id']);
+ if($calendar['userid'] != OC_User::getUser()){
+ OC_JSON::error();
+ exit;
+ }
$events = OC_Calendar_Object::allInPeriod($_GET['calendar_id'], $start, $end);
}
$user_timezone = OC_Preferences::getValue(OC_USER::getUser(), 'calendar', 'timezone', date_default_timezone_get());
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-28 13:00:07 +0000