diff options
Diffstat (limited to 'apps')
| -rwxr-xr-x | apps/calendar/ajax/share/unshare.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php index cbd5ed8e505..fe7c98452d7 100755 --- a/apps/calendar/ajax/share/unshare.php +++ b/apps/calendar/ajax/share/unshare.php @@ -16,6 +16,14 @@ switch($idtype){ OCP\JSON::error(array('message'=>'unexspected parameter')); exit; } +if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} +if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} $sharewith = $_GET['sharewith']; $sharetype = strip_tags($_GET['sharetype']); switch($sharetype){ |