From b2a3bf96a0d2fc2070975eadacc695208060e300 Mon Sep 17 00:00:00 2001
From: Christian Binder <christian@jaytraxx.de>
Date: Thu, 29 Oct 2009 09:25:54 +0000
Subject: [PATCH] improved privacy on conflicting events - only check ACLs for
 invited participants and not all participant ACLs from conflicting event

---
 calendar/inc/class.calendar_boupdate.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/calendar/inc/class.calendar_boupdate.inc.php b/calendar/inc/class.calendar_boupdate.inc.php
index 414203c6e3..81ecdbeb3f 100644
--- a/calendar/inc/class.calendar_boupdate.inc.php
+++ b/calendar/inc/class.calendar_boupdate.inc.php
@@ -224,12 +224,13 @@ class calendar_boupdate extends calendar_bo
 			{
 				foreach($conflicts as $key => $conflict)
 				{
+					$conflict['participants'] = array_intersect_key($conflict['participants'],$event['participants']);
 					if (!$this->check_perms(EGW_ACL_READ,$conflict))
 					{
 						$conflicts[$key] = array(
 							'id'    => $conflict['id'],
 							'title' => lang('busy'),
-							'participants' => array_intersect_key($conflict['participants'],$event['participants']),
+							'participants' => $conflict['participants'],
 							'start' => $conflict['start'],
 							'end'   => $conflict['end'],
 						);