From 9b88d26899f8a36635852b5a882f153849fa75ed Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Fri, 20 Apr 2001 03:41:35 +0000 Subject: [PATCH] Add acl check. This should halfway fix bug #417302 --- addressbook/vcardout.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/addressbook/vcardout.php b/addressbook/vcardout.php index 6c541d75d7..fadb3c70bf 100644 --- a/addressbook/vcardout.php +++ b/addressbook/vcardout.php @@ -40,6 +40,17 @@ $this = CreateObject("phpgwapi.contacts"); + // First, make sure they have permission to this entry + $check = addressbook_read_entry($ab_id,array('owner' => 'owner')); + $perms = $this->check_perms($this->grants[$check[0]['owner']],PHPGW_ACL_READ); + + if ( (!$perms) && ($check[0]['owner'] != $phpgw_info['user']['account_id']) ) + { + Header("Location: " + . $phpgw->link('/addressbook/index.php',"cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query&cat_id=$cat_id")); + $phpgw->common->phpgw_exit(); + } + $extrafields = array("address2" => "address2"); $qfields = $this->stock_contact_fields + $extrafields;