From 863a9797544a80671c179355ff31c73032e88fb7 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Wed, 19 Aug 2015 17:16:19 -0700
Subject: check perms on ical attachments

---
 mod/events.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/mod/events.php b/mod/events.php
index 08527b930..7894f960b 100755
--- a/mod/events.php
+++ b/mod/events.php
@@ -312,9 +312,12 @@ function events_content(&$a) {
 
 
 	if($mode === 'ical') {
-		$r = q("select * from event where event_hash = '%s' and uid = %d limit 1",
-			dbesc($event_id),
-			intval(local_channel())
+
+		require_once('include/security.php');
+		$sql_extra = permissions_sql(local_channel());
+
+		$r = q("select * from event where event_hash = '%s' $sql_extra limit 1",
+			dbesc($event_id)
 		);
 		if($r) { 
 			header('Content-type: text/calendar');
-- 
cgit v1.2.3