extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-09 23:48:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

* Calendar/eMail: fixed sql error when clicking on iCal attachment and probably other iCal imports

Browse Source
This commit is contained in:
Ralf Becker 2012-09-28 09:31:41 +00:00
parent 034c431974
commit bf66b8348f
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
calendar/inc/class.calendar_so.inc.php
View File

@ -524,17 +524,20 @@ class calendar_so
$where[] = '('.((int)$start).' < range_end OR range_end IS NULL)'; $where[] = '('.((int)$start).' < range_end OR range_end IS NULL)';
} }
} }
if (!preg_match('/^[a-z_ ,c]+$/i',$params['order'])) $params['order'] = 'cal_start'; // gard against SQL injection
// if not enum recuring events, we have to use minimum start- AND end-dates, otherwise we get more then one event per cal_id! // if not enum recuring events, we have to use minimum start- AND end-dates, otherwise we get more then one event per cal_id!
if (!$params['enum_recuring']) if (!$params['enum_recuring'])
{ {
$where[] = "$this->user_table.cal_recur_date=0"; $where[] = "$this->user_table.cal_recur_date=0";
$cols = str_replace(array('cal_start','cal_end'),array('range_start AS cal_start','(SELECT MIN(cal_end) FROM egw_cal_dates WHERE egw_cal.cal_id=egw_cal_dates.cal_id) AS cal_end'),$cols); $cols = str_replace(array('cal_start','cal_end'),array('range_start AS cal_start','(SELECT MIN(cal_end) FROM egw_cal_dates WHERE egw_cal.cal_id=egw_cal_dates.cal_id) AS cal_end'),$cols);
// in case cal_start is used in a query, eg. calendar_ical::find_event
$where = str_replace(array('cal_start','cal_end'), array('range_start','(SELECT MIN(cal_end) FROM egw_cal_dates WHERE egw_cal.cal_id=egw_cal_dates.cal_id)'), $where);
$params['order'] = str_replace('cal_start', 'range_start', $params['order']);
if ($end) $where[] = (int)$end.' > range_start'; if ($end) $where[] = (int)$end.' > range_start';
} }
elseif ($end) $where[] = (int)$end.' > cal_start'; elseif ($end) $where[] = (int)$end.' > cal_start';
if (!preg_match('/^[a-z_ ,c]+$/i',$params['order'])) $params['order'] = 'cal_start'; // gard against SQL injection
if ($remove_rejected_by_user && $filter != 'everything') if ($remove_rejected_by_user && $filter != 'everything')
{ {
$rejected_by_user_join = "LEFT JOIN $this->user_table rejected_by_user". $rejected_by_user_join = "LEFT JOIN $this->user_table rejected_by_user".