Security Holes !!!

Users, who is not access to others calendars, can view user's availability.
This commit is contained in:
bgigon 2004-09-28 15:21:38 +00:00
parent eaa7200b60
commit 7f3e46b87e

View File

@ -3058,6 +3058,10 @@ return;
$overlap .= '<ul>';
foreach($overlapped_event['participants'] as $id => $status)
{
// Check if user can be view others participants
if($GLOBALS["phpgw"]->acl->get_rights($id, "calendar") < PHPGW_ACL_READ)
continue;
$conflict = isset($event['participants'][$id]);
$overlap .= '<li>'.($conflict?'<b>':'').
$GLOBALS['phpgw']->common->grab_owner_name($id).