Security Holes !!!
Users who do not have access to others' calendars can view those users' availability.
parent
eaa7200b60
commit
7f3e46b87e
@ -3058,6 +3058,10 @@ return;
|
||||
$overlap .= '<ul>';
|
||||
foreach($overlapped_event['participants'] as $id => $status)
|
||||
{
|
||||
// Check if user can be view others participants
|
||||
if($GLOBALS["phpgw"]->acl->get_rights($id, "calendar") < PHPGW_ACL_READ)
|
||||
continue;
|
||||
|
||||
$conflict = isset($event['participants'][$id]);
|
||||
$overlap .= '<li>'.($conflict?'<b>':'').
|
||||
$GLOBALS['phpgw']->common->grab_owner_name($id).
|
||||
|
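Review bot: The new guard in the participants loop compares the ACL value with `<`, which equals "no read grant" only if `PHPGW_ACL_READ` is the lowest bit of the mask; a participant who granted some other right without read would still be listed. If `get_rights()` returns a bitmask, as the constant name suggests, test the bit instead: `if(!($GLOBALS['phpgw']->acl->get_rights($id, 'calendar') & PHPGW_ACL_READ)) continue;`. It is also worth confirming that the current user's own id passes this check, otherwise their own entry would drop out of the conflict list. The loop body continues past the end of the hunk, so whether the rest of the overlap message still reveals a hidden participant's busy times cannot be seen from here.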