From 9bb339e291567eaf5a3fbd4ba62d8a39cd414491 Mon Sep 17 00:00:00 2001
From: Andrew McMillan <andrew@morphoss.com>
Date: Wed, 8 Dec 2010 12:57:12 +1300
Subject: [PATCH] Cut access with invalid/expired tickets out immediately.

Signed-off-by: Andrew McMillan <andrew@morphoss.com>
---
 htdocs/public.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/public.php b/htdocs/public.php
index 6e5a2a37..4d15c9b8 100644
--- a/htdocs/public.php
+++ b/htdocs/public.php
@@ -20,7 +20,8 @@ header( "DAV: $dav");
 
 require_once("CalDAVRequest.php");
 $request = new CalDAVRequest();
-if ( !isset($request->ticket) && !$request->IsPublic() ) {
+if ( !isset($request->ticket) && !$request->IsPublic()
+       || (isset($request->ticket) && $request->ticket->expired ) ) {
   $request->DoResponse( 403, translate('Anonymous users may only access public calendars') );
 }