diff options
author | redmatrix <redmatrix@redmatrix.me> | 2015-08-19 17:16:19 -0700 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-08-19 17:16:19 -0700 |
commit | 863a9797544a80671c179355ff31c73032e88fb7 (patch) | |
tree | a2aec73797ebbb8cf3adf27f3dcf0497f0a00464 | |
parent | 8d66fbccfadb136403b2e85591c34e93276c1d28 (diff) | |
download | volse-hubzilla-863a9797544a80671c179355ff31c73032e88fb7.tar.gz volse-hubzilla-863a9797544a80671c179355ff31c73032e88fb7.tar.bz2 volse-hubzilla-863a9797544a80671c179355ff31c73032e88fb7.zip |
check perms on ical attachments
-rwxr-xr-x | mod/events.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/mod/events.php b/mod/events.php index 08527b930..7894f960b 100755 --- a/mod/events.php +++ b/mod/events.php @@ -312,9 +312,12 @@ function events_content(&$a) { if($mode === 'ical') { - $r = q("select * from event where event_hash = '%s' and uid = %d limit 1", - dbesc($event_id), - intval(local_channel()) + + require_once('include/security.php'); + $sql_extra = permissions_sql(local_channel()); + + $r = q("select * from event where event_hash = '%s' $sql_extra limit 1", + dbesc($event_id) ); if($r) { header('Content-type: text/calendar'); |