[Pkg-owncloud-commits] [owncloud] 29/73: back port better input validation in calendar from apps repo

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.

commit b37d31815988e860360384b0395c17f19b7bde03
Author: Georg Ehrke <dev at georgswebsite.de>
Date:   Fri Aug 31 14:27:03 2012 +0200

    back port better input validation in calendar from apps repo
---
 apps/calendar/ajax/event/new.php |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/apps/calendar/ajax/event/new.php b/apps/calendar/ajax/event/new.php
index bc0439c..02e2a08 100644
--- a/apps/calendar/ajax/event/new.php
+++ b/apps/calendar/ajax/event/new.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright (c) 2011 Georg Ehrke <ownclouddev at georgswebsite dot de>
+ * Copyright (c) 2012 Georg Ehrke <ownclouddev at georgswebsite dot de>
  * This file is licensed under the Affero General Public License version 3 or
  * later.
  * See the COPYING-README file.
@@ -19,6 +19,12 @@ if($errarr){
 	exit;
 }else{
 	$cal = $_POST['calendar'];
+	$calendar = OC_Calendar_Calendar::find($cal);
+	if($calendar['userid'] != OCP\USER::getUser()){
+		$l = OC_L10N::get('core');
+		OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+		exit();
+	}
 	$vcalendar = OC_Calendar_Object::createVCalendarFromRequest($_POST);
 	$result = OC_Calendar_Object::add($cal, $vcalendar->serialize());
 	OCP\JSON::success();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git