Julian/phpbb_board3-portal_tlw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added missing permission check for calendar events

Browse Source
This commit is contained in:
Marc Alexander
2011-07-30 21:22:09 +02:00
parent 46a55c202e
commit 8ee238ec65
1 changed files with 54 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
root/portal/modules/portal_calendar.php
View File

@@ -60,7 +60,7 @@ class portal_calendar_module
public function get_template_side($module_id) public function get_template_side($module_id)
{ {
global $config, $template, $user, $phpbb_root_path, $phpEx; global $config, $template, $user, $phpbb_root_path, $phpEx, $db;
$portal_config = obtain_portal_config(); $portal_config = obtain_portal_config();
@@ -174,11 +174,28 @@ class portal_calendar_module
} }
array_multisort($time_ary, SORT_NUMERIC, $events); array_multisort($time_ary, SORT_NUMERIC, $events);
// get user's groups
$sql = 'SELECT group_id
FROM ' . USER_GROUP_TABLE . '
WHERE user_id = ' . (int) $user->data['user_id'] . '
ORDER BY group_id ASC';
$result = $db->sql_query($sql);
while($row = $db->sql_fetchrow($result))
{
$groups_ary[] = $row['group_id'];
}
$db->sql_freeresult($result);
foreach($events as $key => $cur_event) foreach($events as $key => $cur_event)
{ {
if(($cur_event['start_time'] + $user->timezone + $user->dst) >= $today_timestamp || if(($cur_event['start_time'] + $user->timezone + $user->dst) >= $today_timestamp ||
($cur_event['end_time'] + $user->timezone + $user->dst) >= $today_timestamp || ($cur_event['end_time'] + $user->timezone + $user->dst) >= $today_timestamp ||
(($cur_event['start_time'] + $user->timezone + $user->dst + 86400) >= $today_timestamp && $cur_event['all_day'])) (($cur_event['start_time'] + $user->timezone + $user->dst + 86400) >= $today_timestamp && $cur_event['all_day']))
{
$cur_permissions = explode(',', $cur_event['permission']);
$permission_check = array_intersect($groups_ary, $cur_permissions);
if(!empty($permission_check) || $cur_event['permission'] == '')
{ {
// check if this is an external link // check if this is an external link
if (isset($cur_event['url']) && strpos($cur_event['url'], generate_board_url()) === false) if (isset($cur_event['url']) && strpos($cur_event['url'], generate_board_url()) === false)
@@ -221,6 +238,7 @@ class portal_calendar_module
} }
} }
} }
}
return 'calendar_side.html'; return 'calendar_side.html';
} }