nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-04-29 15:51:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Block invalid tickets from having access.

Browse Source 
Signed-off-by: Andrew McMillan <andrew@morphoss.com>
This commit is contained in:
Andrew McMillan 2011-01-15 16:42:59 +13:00
parent ed7ffea332
commit 8f25a8a393
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/public.php
View File

@ -20,11 +20,14 @@ header( "DAV: $dav");
require_once("CalDAVRequest.php");
$request = new CalDAVRequest();
if ( !isset($request->ticket) && !$request->IsPublic()
|| (isset($request->ticket) && $request->ticket->expired ) ) {
if ( ! $request->IsPublic()
|| ! isset($request->ticket)
|| $request->ticket->expired
|| ! $request->ticket->MatchesPath($request->path) ) {
$request->DoResponse( 403, translate('Anonymous users may only access public calendars') );
}
switch ( $request->method ) {
case 'OPTIONS': include_once("caldav-OPTIONS.php"); break;
case 'REPORT': include_once("caldav-REPORT.php"); break;