aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-08-19 17:16:19 -0700
committerredmatrix <redmatrix@redmatrix.me>2015-08-19 17:16:19 -0700
commit863a9797544a80671c179355ff31c73032e88fb7 (patch)
treea2aec73797ebbb8cf3adf27f3dcf0497f0a00464
parent8d66fbccfadb136403b2e85591c34e93276c1d28 (diff)
downloadvolse-hubzilla-863a9797544a80671c179355ff31c73032e88fb7.tar.gz
volse-hubzilla-863a9797544a80671c179355ff31c73032e88fb7.tar.bz2
volse-hubzilla-863a9797544a80671c179355ff31c73032e88fb7.zip
check perms on ical attachments
-rwxr-xr-xmod/events.php9
1 files changed, 6 insertions, 3 deletions
diff --git a/mod/events.php b/mod/events.php
index 08527b930..7894f960b 100755
--- a/mod/events.php
+++ b/mod/events.php
@@ -312,9 +312,12 @@ function events_content(&$a) {
if($mode === 'ical') {
- $r = q("select * from event where event_hash = '%s' and uid = %d limit 1",
- dbesc($event_id),
- intval(local_channel())
+
+ require_once('include/security.php');
+ $sql_extra = permissions_sql(local_channel());
+
+ $r = q("select * from event where event_hash = '%s' $sql_extra limit 1",
+ dbesc($event_id)
);
if($r) {
header('Content-type: text/calendar');