holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security Holes !!!

Browse Source 
Users, who is not access to others calendars, can view user's availability.
This commit is contained in:
bgigon 2004-09-28 15:21:38 +00:00
parent eaa7200b60
commit 7f3e46b87e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
calendar/inc/class.uicalendar.inc.php
View File

@ -3058,6 +3058,10 @@ return;
$overlap .= '<ul>'; $overlap .= '<ul>';
foreach($overlapped_event['participants'] as $id => $status) foreach($overlapped_event['participants'] as $id => $status)
{ {
// Check if user can be view others participants
if($GLOBALS["phpgw"]->acl->get_rights($id, "calendar") < PHPGW_ACL_READ)
continue;
$conflict = isset($event['participants'][$id]); $conflict = isset($event['participants'][$id]);
$overlap .= '<li>'.($conflict?'<b>':''). $overlap .= '<li>'.($conflict?'<b>':'').
$GLOBALS['phpgw']->common->grab_owner_name($id). $GLOBALS['phpgw']->common->grab_owner_name($id).