5 files changed, 22 insertions, 19 deletions

diff --git a/apps/calendar/ajax/share/activation.php b/apps/calendar/ajax/share/activation.php
index 7d6b8fcb16e..bce8693577b 100644
--- a/apps/calendar/ajax/share/activation.php
+++ b/apps/calendar/ajax/share/activation.php
@@ -5,7 +5,7 @@
  * later.
  * See the COPYING-README file.
  */
-$id = strip_tags($_GET['id']);
-$activation = strip_tags($_GET['activation']);
+$id = strip_tags($_POST['id']);
+$activation = strip_tags($_POST['activation']);
 OC_Calendar_Share::set_active(OCP\USER::getUser(), $id, $activation);
 OCP\JSON::success();
diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php
index f3c628e8477..5aff7666f79 100644
--- a/apps/calendar/ajax/share/changepermission.php
+++ b/apps/calendar/ajax/share/changepermission.php
@@ -5,11 +5,12 @@
  * later.
  * See the COPYING-README file.
  */
- OCP\JSON::callCheck();
 
-$id = strip_tags($_GET['id']);
-$idtype = strip_tags($_GET['idtype']);
-$permission = (int) strip_tags($_GET['permission']);
+OCP\JSON::callCheck();
+
+$id = strip_tags($_POST['id']);
+$idtype = strip_tags($_POST['idtype']);
+$permission = (int) strip_tags($_POST['permission']);
 switch($idtype){
 	case 'calendar':
 	case 'event':
@@ -26,8 +27,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
 	OCP\JSON::error(array('message'=>'permission denied'));
 	exit;
 }
-$sharewith = $_GET['sharewith'];
-$sharetype = strip_tags($_GET['sharetype']);
+$sharewith = $_POST['sharewith'];
+$sharetype = strip_tags($_POST['sharetype']);
 switch($sharetype){
 	case 'user':
 	case 'group':
diff --git a/apps/calendar/ajax/share/dropdown.php b/apps/calendar/ajax/share/dropdown.php
index a3b0faca4bf..86cf4ac090e 100644
--- a/apps/calendar/ajax/share/dropdown.php
+++ b/apps/calendar/ajax/share/dropdown.php
@@ -7,7 +7,7 @@
  */
  
 $user = OCP\USER::getUser();
-$calid = $_GET['calid'];
+$calid = $_POST['calid'];
 $calendar = OC_Calendar_Calendar::find($calid);
 if($calendar['userid'] != $user){
 	OCP\JSON::error();
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php
index babb8ce3f13..77e1ab9d657 100644
--- a/apps/calendar/ajax/share/share.php
+++ b/apps/calendar/ajax/share/share.php
@@ -5,10 +5,11 @@
  * later.
  * See the COPYING-README file.
  */
- OCP\JSON::callCheck();
+ 
+OCP\JSON::callCheck();
 
-$id = strip_tags($_GET['id']);
-$idtype = strip_tags($_GET['idtype']);
+$id = strip_tags($_POST['id']);
+$idtype = strip_tags($_POST['idtype']);
 switch($idtype){
 	case 'calendar':
 	case 'event':
@@ -25,8 +26,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
 	OCP\JSON::error(array('message'=>'permission denied'));
 	exit;
 }
-$sharewith = $_GET['sharewith'];
-$sharetype = strip_tags($_GET['sharetype']);
+$sharewith = $_POST['sharewith'];
+$sharetype = strip_tags($_POST['sharetype']);
 switch($sharetype){
 	case 'user':
 	case 'group':
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index 09264070dde..c7c06113189 100644
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -5,10 +5,11 @@
  * later.
  * See the COPYING-README file.
  */
- OCP\JSON::callCheck();
 
-$id = strip_tags($_GET['id']);
-$idtype = strip_tags($_GET['idtype']);
+OCP\JSON::callCheck();
+
+$id = strip_tags($_POST['id']);
+$idtype = strip_tags($_POST['idtype']);
 switch($idtype){
 	case 'calendar':
 	case 'event':
@@ -25,8 +26,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
 	OCP\JSON::error(array('message'=>'permission denied'));
 	exit;
 }
-$sharewith = $_GET['sharewith'];
-$sharetype = strip_tags($_GET['sharetype']);
+$sharewith = $_POST['sharewith'];
+$sharetype = strip_tags($_POST['sharetype']);
 switch($sharetype){
 	case 'user':
 	case 'group':