authorjwangen <jwangen>2002-10-04 07:41:57 +0000
committerjwangen <jwangen>2002-10-04 07:41:57 +0000
commit9d2eafe2e806a86b5617ed98040fd8667066f852 (patch)
tree364dbc09e14e6994bc92199fee9e80eb7b1e6082 /functions
parente3fd5651b14606708e5e223aa13d7efbc7400cfe (diff)
downloadphpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.tar.gz
phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.tar.bz2
phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.zip
added blacklisting of local calendars and the ability to view remote
calendars
Diffstat (limited to 'functions')
-rw-r--r--functions/init.inc.php61
-rw-r--r--functions/list_icals.php28
2 files changed, 60 insertions, 29 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 330b2d4..c5f3a60 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -1,17 +1,22 @@
<?php
+// uncomment when developing, comment for shipping version
+//error_reporting (E_ALL);
+
// Retain some compatibility backwards like.
+/* jared.20021003 I think we're always going to make sure these are extracted by hand
+so I'll comment this out for now, otherwise, uncomment this
if(phpversion() >= '4.2.0')
{
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
}
-
+*/
include('./config.inc.php');
include('./functions/error.php');
// subscribe link prefix, doesn't need to be user configureable
-$fullpath = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$calendar_path.'/';
+
// language support
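Review bot: The `extract()` block is kept as commented-out code with the instruction "otherwise, uncomment this", and re-enabling it would let request parameters define any variable this file has not yet assigned. The last hunk of this file still branches on `if (!isset($filename))`, so a request-supplied `filename` would then replace the path built from `$calendar_path`; the same holds wherever register_globals is enabled. I would delete the block and leave one line instead, e.g. `// Request values are read explicitly from $HTTP_GET_VARS / $HTTP_POST_VARS; never extract() them.` The hunk also drops `$fullpath`, so any reader of it outside this diff needs checking.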
@@ -21,10 +26,7 @@ $lang_file = './languages/'.$language.'.inc.php';
if (file_exists($lang_file)) {
include($lang_file);
} else {
-// Not sure if we should print this warning or not. It would inform the user
-// why the language isn't working.
- print 'File "'.$lang_file.'" does not exist, defaulting to English<br><br>';
- include('../languages/english.inc.php');
+ exit(error('Requested lanugage "'.$language.'" is not a supported language. Please consult the configuration file to choose a supported language.'));
}
if (isset($HTTP_GET_VARS['getdate']) && ($HTTP_GET_VARS['getdate'] !== '')) {
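Review bot: The new message misspells "language" as "lanugage"; it should start `'Requested language "'.$language.'" is not a supported language.`. `$language` is concatenated into the page as-is, so if `error()` does not escape its argument (its body is not in this diff), pass `htmlspecialchars($language)` instead. `exit(error(...))` also depends on `error()` returning nothing or a printable string, since an integer return would be taken as the exit status; a one-line comment stating which is intended would help.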
@@ -33,15 +35,18 @@ if (isset($HTTP_GET_VARS['getdate']) && ($HTTP_GET_VARS['getdate'] !== '')) {
$getdate = date('Ymd');
}
-// $cal_displayname is $cal_filename with occurrences of '32' replaced with ' '
-// $cal_filename should always be the filename of the calendar without .ics
+
+
$is_webcal = FALSE;
if (isset($HTTP_GET_VARS['cal'])) {
- if (substr($HTTP_GET_VARS['cal'], 0, 7) == 'http://') {
+ $cal_decoded = urldecode($HTTP_GET_VARS['cal']);
+ if (substr($cal_decoded, 0, 7) == 'http://' || substr($cal_decoded, 0, 9) == 'webcal://') {
$is_webcal = TRUE;
- $cal_filename = $HTTP_GET_VARS['cal'];
+ $cal_webcalPrefix = str_replace('http://','webcal://',$cal_decoded);
+ $cal_httpPrefix = str_replace('webcal://','http://',$cal_decoded);
+ $cal_filename = $cal_httpPrefix;
} else {
- $cal_filename = stripslashes(urldecode($HTTP_GET_VARS['cal']));
+ $cal_filename = stripslashes($cal_decoded);
}
} else {
$cal_filename = $default_cal;
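Review bot: In the local branch, `$cal_filename = stripslashes($cal_decoded);` keeps any directory separators from the request, and the next hunk both concatenates that value into `$calendar_path.'/'.$cal_filename.'.ics'` and compares it with `$blacklisted_cals` by exact string. A name spelled differently but resolving to the same file therefore passes the blacklist, and the resulting path is not confined to `$calendar_path`. Reducing the value to a file name first addresses both: `$cal_filename = basename(stripslashes($cal_decoded));`. Separately, PHP has already URL-decoded `$HTTP_GET_VARS['cal']`, so the added `urldecode()` decodes twice, and `str_replace()` rewrites every occurrence of the scheme rather than only the prefix. The code that consumes these variables is in the following hunk.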
@@ -49,24 +54,34 @@ if (isset($HTTP_GET_VARS['cal'])) {
if ($is_webcal) {
- $cal_displayname = substr(str_replace('32', ' ', basename($cal_filename)), 0, -4);
- $cal = $cal_filename;
- $filename = $cal;
+ if ($allow_webcals == 'yes' || in_array($cal_webcalPrefix, $list_webcals) || in_array($cal_httpPrefix, $list_webcals)) {
+ $cal_displayname = substr(str_replace('32', ' ', basename($cal_filename)), 0, -4);
+ $cal = urlencode($cal_filename);
+ $filename = $cal_filename;
+ $subscribe_path = $cal_webcalPrefix;
+ } else {
+ exit(error('Remote calendars are not allowed on this server and the calendar located at '.$HTTP_GET_VARS['cal'].' is not in the list of allowed calendars. Please use the "Back" button to return.'));
+ }
} else {
$cal_displayname = str_replace('32', ' ', $cal_filename);
$cal = urlencode($cal_filename);
-
- if (!isset($filename)) {
- $filename = $calendar_path.'/'.$cal_filename.'.ics';
- if (!file_exists($filename)) {
- $dir_handle = @opendir($calendar_path) or die('Unable to open path: '.$calendar_path);
- while ($file = readdir($dir_handle)) {
- if (substr($file, -4) == '.ics') {
- $filename = $calendar_path.'/'.$file;
- break;
+ if (in_array($cal_filename, $blacklisted_cals)) {
+ exit(error($cal_filename.' is restricted on this server. Please use the "Back" button to return.'));
+ } else {
+ if (!isset($filename)) {
+ $filename = $calendar_path.'/'.$cal_filename.'.ics';
+ if (!file_exists($filename)) {
+ $dir_handle = @opendir($calendar_path) or die('Unable to open path: '.$calendar_path);
+ while ($file = readdir($dir_handle)) {
+ if (substr($file, -4) == '.ics') {
+ $cal = urlencode(substr($file, 0, -4));
+ $filename = $calendar_path.'/'.$file;
+ break;
+ }
}
}
}
+ $subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
}
}
?> \ No newline at end of file
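Review bot: With `$allow_webcals == 'yes'` the branch at the top of this hunk assigns any client-supplied `http://` URL to `$filename`; if the parser later opens `$filename` (not visible here), the server will fetch whatever host the request names, including addresses reachable only from the server itself. I would state that next to the setting and make the `$list_webcals` allow-list the recommended default, e.g. `// SECURITY: 'yes' lets any visitor make this server fetch an arbitrary URL; prefer listing trusted calendars in $list_webcals.` The rejection message also concatenates the raw `$HTTP_GET_VARS['cal']`; unless `error()` escapes its argument, use `htmlspecialchars($HTTP_GET_VARS['cal'])` there. The `in_array()` checks compare loosely, which is acceptable only while the configured lists hold plain strings.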
diff --git a/functions/list_icals.php b/functions/list_icals.php
index 8ca60d1..c2635aa 100644
--- a/functions/list_icals.php
+++ b/functions/list_icals.php
@@ -15,20 +15,36 @@ if ($display_ical_list == "yes") {
// build the <option> tags
while ($file = readdir($dir_handle)) {
if (substr($file, -4) == ".ics") {
+
// $cal_filename is the filename of the calendar without .ics
// $cal is a urlencoded version of $cal_filename
// $cal_displayname is $cal_filename with occurrences of "32" replaced with " "
$cal_filename_tmp = substr($file,0,-4);
$cal_tmp = urlencode($cal_filename_tmp);
$cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
-
- if ($cal_tmp == $cal) {
- print "<option value=\"$current_view.php?cal=$cal_tmp\" selected>$cal_displayname_tmp Calendar</option>\n";
- } else {
- print "<option value=\"$current_view.php?cal=$cal_tmp\">$cal_displayname_tmp Calendar</option>\n";
- }
+ if (!in_array($cal_filename_tmp, $blacklisted_cals)) {
+ if ($cal_tmp == $cal) {
+ print "<option value=\"$current_view.php?cal=$cal_tmp\" selected>$cal_displayname_tmp Calendar</option>\n";
+ } else {
+ print "<option value=\"$current_view.php?cal=$cal_tmp\">$cal_displayname_tmp Calendar</option>\n";
+ }
+ }
}
}
+ foreach($list_webcals as $cal_tmp) {
+ if ($cal_tmp != '') {
+ $cal_displayname_tmp = basename($cal_tmp);
+ $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
+ $cal_displayname_tmp = substr($cal_displayname_tmp,0,-4);
+ $cal_encoded_tmp = urlencode($cal_tmp);
+ if ($cal_tmp == $cal_httpPrefix || $cal_tmp == $cal_webcalPrefix) {
+ print "<option value=\"$current_view.php?cal=$cal_encoded_tmp\" selected>$cal_displayname_tmp Webcal</option>\n";
+ } else {
+ print "<option value=\"$current_view.php?cal=$cal_encoded_tmp\">$cal_displayname_tmp Webcal</option>\n";
+ }
+ }
+ }
+
// close file
closedir($dir_handle);
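Review bot: The new `foreach` compares each entry with `$cal_httpPrefix` and `$cal_webcalPrefix`, but init.inc.php assigns those only when the request names a web calendar, so for a local calendar they are undefined here (a notice under `E_ALL`, and under register_globals a request parameter could supply them). Initialising both beside `$is_webcal = FALSE;` in init.inc.php, `$cal_httpPrefix = ''; $cal_webcalPrefix = '';`, keeps the comparison well defined. The `<option>` lines also print `$cal_displayname_tmp` straight into HTML; file names and configured URLs can contain `<`, `&` or quotes, so wrap the value in `htmlspecialchars()`. `foreach` assumes `$list_webcals` is always an array, which holds only if config.inc.php always defines it, and this diff does not show that. The enclosing `if ($display_ical_list == "yes")` block begins above the hunk and continues past it.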
