authorWesley Miaw <josuah@users.sourceforge.net>2003-10-16 19:01:49 +0000
committerWesley Miaw <josuah@users.sourceforge.net>2003-10-16 19:01:49 +0000
commita9098cd72fa0513d708dfbbeb4b341799c1542fd (patch)
tree89a9c82c2f2c6e60cbb58852cde813f3245e7d26
parentd079ce9a00faad799a22f9dad3cf319de10accc3 (diff)
Do not include subscribe and download links for calendars referenced
by an absolute path or with a relative path going up (i.e. ../).
-rw-r--r--functions/init.inc.php8
-rw-r--r--includes/calendar_nav.php2
-rw-r--r--includes/sidebar.php2
3 files changed, 7 insertions, 5 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 9a50fc6..e4eb831 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -136,15 +136,17 @@ if ($is_webcal) {
}
// Sets the download and subscribe paths from the config if present.
- if ($download_uri == '') {
+ if ($download_uri == '' && preg_match('/(^\/|..\/)/', $filename) == 0) {
$subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
$download_filename = $filename;
- } else {
+ } else if ($download_uri != '') {
$newurl = eregi_replace("^(http://)", "", $download_uri);
$subscribe_path = 'webcal://'.$newurl.'/'.$cal_filename.'.ics';
$download_filename = $download_uri.'/'.$cal_filename.'.ics';
+ } else {
+ $subscribe_path = '';
+ $download_filename = '';
}
-
}
}
?>
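Review bot: The pattern in the new `preg_match('/(^\/|..\/)/', $filename)` test leaves both dots unescaped, so `..\/` matches any two characters followed by a slash, and a calendar stored in an ordinary subdirectory loses its subscribe and download links too. The intended check is `preg_match('/(^\/|\.\.\/)/', $filename) == 0`. This guard only decides whether the links are shown. Nothing visible in the hunk stops `$filename` from naming a file outside the calendar directory when it is read, so if that value can come from the request, the restriction belongs where the file is opened. That code is outside the hunk and worth confirming, as is the start of the enclosing `if` block.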
diff --git a/includes/calendar_nav.php b/includes/calendar_nav.php
index 132fa2d..959277a 100644
--- a/includes/calendar_nav.php
+++ b/includes/calendar_nav.php
@@ -140,7 +140,7 @@
echo "<a class=\"psf\" href=\"year.php?cal=$cal&amp;getdate=$really_today_today\">$goyear_lang</a><br>\n";
echo "<a class=\"psf\" href=\"print.php?cal=$cal&amp;getdate=$getdate&amp;printview=$current_view\">$goprint_lang</a><br>\n";
if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&amp;getdate=$getdate\">$preferences_lang</a><br>\n";
- if ($cal != $ALL_CALENDARS_COMBINED) echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
+ if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
?>
</td>
</tr>
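Review bot: `$subscribe_path` and `$download_filename` are written into the `href` attributes on the changed line without HTML escaping. In functions/init.inc.php they are assembled from `SERVER_NAME`, `PHP_SELF` and `$filename`, which may be client-influenced depending on server configuration and on where `$filename` originates. Escaping at output closes that regardless of how the values were built, for example `htmlspecialchars($subscribe_path, ENT_QUOTES)` and likewise for `$download_filename`. The identical line in includes/sidebar.php needs the same treatment. Since the two files carry the same statement, one shared helper would keep the condition and the escaping from drifting apart.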
diff --git a/includes/sidebar.php b/includes/sidebar.php
index 6456a73..bdaa08c 100644
--- a/includes/sidebar.php
+++ b/includes/sidebar.php
@@ -34,7 +34,7 @@ $search_box = '<form style="margin-bottom:0;" action="search.php" method="GET"><
echo "<a class=\"psf\" href=\"year.php?cal=$cal&amp;getdate=$really_today_today\">$goyear_lang</a><br>\n";
echo "<a class=\"psf\" href=\"print.php?cal=$cal&amp;getdate=$getdate&amp;printview=$current_view\">$goprint_lang</a><br>\n";
if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&amp;getdate=$getdate\">$preferences_lang</a><br>\n";
- if ($cal != $ALL_CALENDARS_COMBINED) echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
+ if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
echo '</span></div>';
?>
</td>
