diff options
author | Wesley Miaw <josuah@users.sourceforge.net> | 2003-10-16 19:01:49 +0000 |
---|---|---|
committer | Wesley Miaw <josuah@users.sourceforge.net> | 2003-10-16 19:01:49 +0000 |
commit | a9098cd72fa0513d708dfbbeb4b341799c1542fd (patch) | |
tree | 89a9c82c2f2c6e60cbb58852cde813f3245e7d26 | |
parent | d079ce9a00faad799a22f9dad3cf319de10accc3 (diff) | |
download | phpicalendar-a9098cd72fa0513d708dfbbeb4b341799c1542fd.tar.gz phpicalendar-a9098cd72fa0513d708dfbbeb4b341799c1542fd.tar.bz2 phpicalendar-a9098cd72fa0513d708dfbbeb4b341799c1542fd.zip |
Do not include subscribe and download links for calendars referenced
by an absolute path or with a relative path going up (i.e. ../).
-rw-r--r-- | functions/init.inc.php | 8 | ||||
-rw-r--r-- | includes/calendar_nav.php | 2 | ||||
-rw-r--r-- | includes/sidebar.php | 2 |
3 files changed, 7 insertions, 5 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php index 9a50fc6..e4eb831 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php @@ -136,15 +136,17 @@ if ($is_webcal) { } // Sets the download and subscribe paths from the config if present. - if ($download_uri == '') { + if ($download_uri == '' && preg_match('/(^\/|..\/)/', $filename) == 0) { $subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename; $download_filename = $filename; - } else { + } else if ($download_uri != '') { $newurl = eregi_replace("^(http://)", "", $download_uri); $subscribe_path = 'webcal://'.$newurl.'/'.$cal_filename.'.ics'; $download_filename = $download_uri.'/'.$cal_filename.'.ics'; + } else { + $subscribe_path = ''; + $download_filename = ''; } - } } ?> diff --git a/includes/calendar_nav.php b/includes/calendar_nav.php index 132fa2d..959277a 100644 --- a/includes/calendar_nav.php +++ b/includes/calendar_nav.php @@ -140,7 +140,7 @@ echo "<a class=\"psf\" href=\"year.php?cal=$cal&getdate=$really_today_today\">$goyear_lang</a><br>\n"; echo "<a class=\"psf\" href=\"print.php?cal=$cal&getdate=$getdate&printview=$current_view\">$goprint_lang</a><br>\n"; if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&getdate=$getdate\">$preferences_lang</a><br>\n"; - if ($cal != $ALL_CALENDARS_COMBINED) echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a> | <a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n"; + if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a> | <a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n"; ?> </td> </tr> diff --git a/includes/sidebar.php b/includes/sidebar.php index 6456a73..bdaa08c 100644 --- a/includes/sidebar.php +++ b/includes/sidebar.php @@ -34,7 +34,7 @@ $search_box = '<form style="margin-bottom:0;" action="search.php" method="GET">< echo "<a class=\"psf\" href=\"year.php?cal=$cal&getdate=$really_today_today\">$goyear_lang</a><br>\n"; echo "<a class=\"psf\" href=\"print.php?cal=$cal&getdate=$getdate&printview=$current_view\">$goprint_lang</a><br>\n"; if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&getdate=$getdate\">$preferences_lang</a><br>\n"; - if ($cal != $ALL_CALENDARS_COMBINED) echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a> | <a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n"; + if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a> | <a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n"; echo '</span></div>'; ?> </td> |