From da65252d9b5ef37a536565adc475a1e51b86bcae Mon Sep 17 00:00:00 2001
From: bgigon <bgigon@alumni.egroupware.org>
Date: Wed, 31 Mar 2004 15:34:33 +0000
Subject: [PATCH] Add more security in "participants matrixview" code

---
 calendar/inc/class.uicalendar.inc.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/calendar/inc/class.uicalendar.inc.php b/calendar/inc/class.uicalendar.inc.php
index d691104e36..859f291cb8 100755
--- a/calendar/inc/class.uicalendar.inc.php
+++ b/calendar/inc/class.uicalendar.inc.php
@@ -1243,7 +1243,7 @@
 					$this->bo->set_class(True);
 				}
 				// Add participants
-				$participants = explode(";", base64_decode($participants));
+				$participants = explode(";", $GLOBALS['phpgw_session']['phpgw_app_sessions']["calendar"]["participants"]['content']);
 				for($_f_part=0; $_f_part<count($participants); $_f_part++)
 				{
 					$this->bo->add_attribute('participants','A',$participants[$_f_part]);
@@ -2274,6 +2274,9 @@
 			}
 			$participants = array_keys($parts);	// get id's as values and a numeric index
 
+			// Defined - into session - who participates
+			$GLOBALS['phpgw']->session->appsession("participants", NULL, implode(";", $participants));
+
 			unset($GLOBALS['phpgw_info']['flags']['noheader']);
 			unset($GLOBALS['phpgw_info']['flags']['nonavbar']);
 			if ($this->always_app_header) $GLOBALS['phpgw_info']['flags']['app_header'] = $GLOBALS['phpgw_info']['apps']['calendar']['title'].' - '.lang('Matrixview');
@@ -3642,7 +3645,7 @@
 					$k = ($j == 0 ? sprintf('%02d',$i).'<br>':'').sprintf('%02d',$j*$increment);
 
 					$str .= '<td align="left" bgcolor="'.$this->theme['bg_color'].'"><font color="'.$phpgw_info['theme']['bg_text'].'" face="'.$this->theme['font'].'" size="-2">'
-						. '<a href="'.$this->page('add','&date='.$date['full'].'&hour='.$i.'&minute='.($increment * $j) . '&participants=' . base64_encode(implode(";", $participants_id)) )."\" onMouseOver=\"window.status='".$i.':'.(($increment * $j)<=9?'0':'').($increment * $j)."'; return true;\">"
+						. '<a href="'.$this->page('add','&date='.$date['full'].'&hour='.$i.'&minute='.($increment * $j))."\" onMouseOver=\"window.status='".$i.':'.(($increment * $j)<=9?'0':'').($increment * $j)."'; return true;\">"
 						. $k."</a>&nbsp;</font></td>\n";
 				}
 			}