mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-23 23:29:31 +01:00
not returning deleted entries for read, as they might have identical UID for caldav_name as a non-deleted entry and would therefore block access to these
This commit is contained in:
parent
0de2f3c527
commit
23584253fd
@ -534,12 +534,22 @@ class addressbook_groupdav extends groupdav_handler
|
||||
/**
|
||||
* Read a contact
|
||||
*
|
||||
* We have to make sure to not return or even consider in read deleted contacts, as the might have
|
||||
* the same UID and/or carddav_name as not deleted contacts and would block access to valid entries
|
||||
*
|
||||
* @param string|id $id
|
||||
* @return array/boolean array with entry, false if no read rights, null if $id does not exist
|
||||
*/
|
||||
function read($id)
|
||||
{
|
||||
$contact = $this->bo->read(array(self::$path_attr => $id));
|
||||
static $non_deleted_tids;
|
||||
if (is_null($non_deleted_tids))
|
||||
{
|
||||
$non_deleted_tids = $this->bo->content_types;
|
||||
unset($non_deleted_tids[addressbook_so::DELETED_TYPE]);
|
||||
$non_deleted_tids = array_keys($non_deleted_tids);
|
||||
}
|
||||
$contact = $this->bo->read(array(self::$path_attr => $id, 'tid' => $non_deleted_tids));
|
||||
|
||||
if ($contact && $contact['tid'] == addressbook_so::DELETED_TYPE)
|
||||
{
|
||||
|
@ -925,6 +925,9 @@ class calendar_groupdav extends groupdav_handler
|
||||
/**
|
||||
* Read an entry
|
||||
*
|
||||
* We have to make sure to not return or even consider in read deleted events, as the might have
|
||||
* the same UID and/or caldav_name as not deleted events and would block access to valid entries
|
||||
*
|
||||
* @param string|id $id
|
||||
* @return array|boolean array with entry, false if no read rights, null if $id does not exist
|
||||
*/
|
||||
@ -932,7 +935,7 @@ class calendar_groupdav extends groupdav_handler
|
||||
{
|
||||
if (strpos($column=self::$path_attr,'_') === false) $column = 'cal_'.$column;
|
||||
|
||||
$event = $this->bo->read(array($column => $id), null, true, 'server');
|
||||
$event = $this->bo->read(array($column => $id, 'cal_deleted IS NULL'), null, true, 'server');
|
||||
if ($event) $event = array_shift($event); // read with array as 1. param, returns an array of events!
|
||||
|
||||
if (!($retval = $this->bo->check_perms(EGW_ACL_FREEBUSY,$event, 0, 'server')))
|
||||
|
@ -547,7 +547,7 @@ class infolog_bo
|
||||
function &read($info_id,$run_link_id2from=true,$date_format='ts')
|
||||
{
|
||||
//error_log(__METHOD__.'('.array2string($info_id).', '.array2string($run_link_id2from).", '$date_format') ".function_backtrace());
|
||||
if (is_scalar($info_id) || isset($info_id[0]))
|
||||
if (is_scalar($info_id) || isset($info_id[count($info_id)-1]))
|
||||
{
|
||||
if (is_scalar($info_id) && !is_numeric($info_id))
|
||||
{
|
||||
|
@ -462,12 +462,15 @@ class infolog_groupdav extends groupdav_handler
|
||||
/**
|
||||
* Read an entry
|
||||
*
|
||||
* We have to make sure to not return or even consider in read deleted infologs, as the might have
|
||||
* the same UID and/or caldav_name as not deleted ones and would block access to valid entries
|
||||
*
|
||||
* @param string|id $id
|
||||
* @return array|boolean array with entry, false if no read rights, null if $id does not exist
|
||||
*/
|
||||
function read($id)
|
||||
{
|
||||
return $this->bo->read(array(self::$path_attr => $id),false,'server');
|
||||
return $this->bo->read(array(self::$path_attr => $id, "info_status!='deleted'"),false,'server');
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user