diff options
author | jwangen <jwangen> | 2002-10-04 07:41:57 +0000 |
---|---|---|
committer | jwangen <jwangen> | 2002-10-04 07:41:57 +0000 |
commit | 9d2eafe2e806a86b5617ed98040fd8667066f852 (patch) | |
tree | 364dbc09e14e6994bc92199fee9e80eb7b1e6082 /functions/init.inc.php | |
parent | e3fd5651b14606708e5e223aa13d7efbc7400cfe (diff) | |
download | phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.tar.gz phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.tar.bz2 phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.zip |
added blacklisting of local calendars and the ability to view remote
calendars
Diffstat (limited to 'functions/init.inc.php')
-rw-r--r-- | functions/init.inc.php | 61 |
1 files changed, 38 insertions, 23 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php index 330b2d4..c5f3a60 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php @@ -1,17 +1,22 @@ <?php +// uncomment when developing, comment for shipping version +//error_reporting (E_ALL); + // Retain some compatibility backwards like. +/* jared.20021003 I think we're always going to make sure these are extracted by hand +so I'll comment this out for now, otherwise, uncomment this if(phpversion() >= '4.2.0') { extract($HTTP_GET_VARS); extract($HTTP_POST_VARS); } - +*/ include('./config.inc.php'); include('./functions/error.php'); // subscribe link prefix, doesn't need to be user configureable -$fullpath = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$calendar_path.'/'; + // language support @@ -21,10 +26,7 @@ $lang_file = './languages/'.$language.'.inc.php'; if (file_exists($lang_file)) { include($lang_file); } else { -// Not sure if we should print this warning or not. It would inform the user -// why the language isn't working. - print 'File "'.$lang_file.'" does not exist, defaulting to English<br><br>'; - include('../languages/english.inc.php'); + exit(error('Requested lanugage "'.$language.'" is not a supported language. Please consult the configuration file to choose a supported language.')); } if (isset($HTTP_GET_VARS['getdate']) && ($HTTP_GET_VARS['getdate'] !== '')) { @@ -33,15 +35,18 @@ if (isset($HTTP_GET_VARS['getdate']) && ($HTTP_GET_VARS['getdate'] !== '')) { $getdate = date('Ymd'); } -// $cal_displayname is $cal_filename with occurrences of '32' replaced with ' ' -// $cal_filename should always be the filename of the calendar without .ics + + $is_webcal = FALSE; if (isset($HTTP_GET_VARS['cal'])) { - if (substr($HTTP_GET_VARS['cal'], 0, 7) == 'http://') { + $cal_decoded = urldecode($HTTP_GET_VARS['cal']); + if (substr($cal_decoded, 0, 7) == 'http://' || substr($cal_decoded, 0, 9) == 'webcal://') { $is_webcal = TRUE; - $cal_filename = $HTTP_GET_VARS['cal']; + $cal_webcalPrefix = str_replace('http://','webcal://',$cal_decoded); + $cal_httpPrefix = str_replace('webcal://','http://',$cal_decoded); + $cal_filename = $cal_httpPrefix; } else { - $cal_filename = stripslashes(urldecode($HTTP_GET_VARS['cal'])); + $cal_filename = stripslashes($cal_decoded); } } else { $cal_filename = $default_cal; @@ -49,24 +54,34 @@ if (isset($HTTP_GET_VARS['cal'])) { if ($is_webcal) { - $cal_displayname = substr(str_replace('32', ' ', basename($cal_filename)), 0, -4); - $cal = $cal_filename; - $filename = $cal; + if ($allow_webcals == 'yes' || in_array($cal_webcalPrefix, $list_webcals) || in_array($cal_httpPrefix, $list_webcals)) { + $cal_displayname = substr(str_replace('32', ' ', basename($cal_filename)), 0, -4); + $cal = urlencode($cal_filename); + $filename = $cal_filename; + $subscribe_path = $cal_webcalPrefix; + } else { + exit(error('Remote calendars are not allowed on this server and the calendar located at '.$HTTP_GET_VARS['cal'].' is not in the list of allowed calendars. Please use the "Back" button to return.')); + } } else { $cal_displayname = str_replace('32', ' ', $cal_filename); $cal = urlencode($cal_filename); - - if (!isset($filename)) { - $filename = $calendar_path.'/'.$cal_filename.'.ics'; - if (!file_exists($filename)) { - $dir_handle = @opendir($calendar_path) or die('Unable to open path: '.$calendar_path); - while ($file = readdir($dir_handle)) { - if (substr($file, -4) == '.ics') { - $filename = $calendar_path.'/'.$file; - break; + if (in_array($cal_filename, $blacklisted_cals)) { + exit(error($cal_filename.' is restricted on this server. Please use the "Back" button to return.')); + } else { + if (!isset($filename)) { + $filename = $calendar_path.'/'.$cal_filename.'.ics'; + if (!file_exists($filename)) { + $dir_handle = @opendir($calendar_path) or die('Unable to open path: '.$calendar_path); + while ($file = readdir($dir_handle)) { + if (substr($file, -4) == '.ics') { + $cal = urlencode(substr($file, 0, -4)); + $filename = $calendar_path.'/'.$file; + break; + } } } } + $subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename; } } ?>
\ No newline at end of file |