harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

do not allow editing events that do not belong to us

Browse Source
This commit is contained in:
Mario Vavti 2019-04-30 12:08:19 +02:00
parent 0b062d0b8a
commit a04689b784
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Zotlabs/Module/Channel_calendar.php
View File

@ -148,6 +148,11 @@ class Channel_calendar extends \Zotlabs\Web\Controller {
return; return;
} }
if($x[0]['event_xchan'] !== $channel['xchan_hash']) {
notice( t('Not allowed.') . EOL);
return;
}
$acl->set($x[0]); $acl->set($x[0]);
$created = $x[0]['created']; $created = $x[0]['created'];

6
view/tpl/cdav_calendar.tpl
View File

@ -322,7 +322,11 @@ $(document).ready(function() {
$('#id_categories').tagsinput('add', '{{$categories}}'), $('#id_categories').tagsinput('add', '{{$categories}}'),
$('#id_description').val(resource.description); $('#id_description').val(resource.description);
$('#id_location').val(resource.location); $('#id_location').val(resource.location);
$('#event_submit').html('{{$update}}');
if(resource.event_xchan !== '{{$channel_hash}}')
$('#event_submit').hide();
else
$('#event_submit').html('{{$update}}');
} }
}); });