extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-06 10:02:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Security Holes !!!

Browse Source 
Users, who is not access to others calendars, can view user's availability.
This commit is contained in:
bgigon 2004-09-28 15:21:38 +00:00
parent eaa7200b60
commit 7f3e46b87e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
calendar/inc/class.uicalendar.inc.php
View File

@ -3058,6 +3058,10 @@ return;
$overlap .= '<ul>';
foreach($overlapped_event['participants'] as $id => $status)
{
// Check if user can be view others participants
if($GLOBALS["phpgw"]->acl->get_rights($id, "calendar") < PHPGW_ACL_READ)
continue;
$conflict = isset($event['participants'][$id]);
$overlap .= '<li>'.($conflict?'<b>':'').
$GLOBALS['phpgw']->common->grab_owner_name($id).