author | jwangen <jwangen> | 2002-10-04 07:41:57 +0000 |
---|---|---|
committer | jwangen <jwangen> | 2002-10-04 07:41:57 +0000 |
commit | 9d2eafe2e806a86b5617ed98040fd8667066f852 (patch) | |
tree | 364dbc09e14e6994bc92199fee9e80eb7b1e6082 /functions | |
parent | e3fd5651b14606708e5e223aa13d7efbc7400cfe (diff) | |
download | phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.tar.gz phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.tar.bz2 phpicalendar-9d2eafe2e806a86b5617ed98040fd8667066f852.zip |
added blacklisting of local calendars and the ability to view remote
calendars
Diffstat (limited to 'functions')
-rw-r--r-- | functions/init.inc.php | 61 | ||||
-rw-r--r-- | functions/list_icals.php | 28 |
2 files changed, 60 insertions, 29 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php index 330b2d4..c5f3a60 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php @@ -1,17 +1,22 @@ <?php +// uncomment when developing, comment for shipping version +//error_reporting (E_ALL); + // Retain some compatibility backwards like. +/* jared.20021003 I think we're always going to make sure these are extracted by hand +so I'll comment this out for now, otherwise, uncomment this if(phpversion() >= '4.2.0') { extract($HTTP_GET_VARS); extract($HTTP_POST_VARS); } - +*/ include('./config.inc.php'); include('./functions/error.php'); // subscribe link prefix, doesn't need to be user configureable -$fullpath = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$calendar_path.'/'; + // language support @@ -21,10 +26,7 @@ $lang_file = './languages/'.$language.'.inc.php'; if (file_exists($lang_file)) { include($lang_file); } else { -// Not sure if we should print this warning or not. It would inform the user -// why the language isn't working. - print 'File "'.$lang_file.'" does not exist, defaulting to English<br><br>'; - include('../languages/english.inc.php'); + exit(error('Requested lanugage "'.$language.'" is not a supported language. Please consult the configuration file to choose a supported language.')); } if (isset($HTTP_GET_VARS['getdate']) && ($HTTP_GET_VARS['getdate'] !== '')) { 
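Review bot: In the first hunk of functions/init.inc.php the `extract($HTTP_GET_VARS)` / `extract($HTTP_POST_VARS)` block is only wrapped in a comment that invites re-enabling it, and the comment `// subscribe link prefix, doesn't need to be user configureable` is left with nothing under it now that `$fullpath` is removed. Extracting request arrays into the global scope lets a request parameter pre-set any variable the script does not assign itself (the later `if (!isset($filename))` test is one place that depends on this), so the block is better deleted outright and replaced by a one-line comment such as `// request values are read explicitly from $HTTP_GET_VARS; never extract() them`. The orphaned subscribe-prefix comment should move to where `$subscribe_path` is now built, or be dropped.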
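Review bot: The new error string in the `else` branch of the language check misspells "language" as `lanugage`; the literal should start `'Requested language "'.$language.'" is not a supported language.` The branch now ends the request instead of falling back to English, so a short comment above it saying that an unknown `$language` value is fatal would help whoever edits the configuration file.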
@@ -33,15 +35,18 @@ if (isset($HTTP_GET_VARS['getdate']) && ($HTTP_GET_VARS['getdate'] !== '')) { $getdate = date('Ymd'); } -// $cal_displayname is $cal_filename with occurrences of '32' replaced with ' ' -// $cal_filename should always be the filename of the calendar without .ics + + $is_webcal = FALSE; if (isset($HTTP_GET_VARS['cal'])) { - if (substr($HTTP_GET_VARS['cal'], 0, 7) == 'http://') { + $cal_decoded = urldecode($HTTP_GET_VARS['cal']); + if (substr($cal_decoded, 0, 7) == 'http://' || substr($cal_decoded, 0, 9) == 'webcal://') { $is_webcal = TRUE; - $cal_filename = $HTTP_GET_VARS['cal']; + $cal_webcalPrefix = str_replace('http://','webcal://',$cal_decoded); + $cal_httpPrefix = str_replace('webcal://','http://',$cal_decoded); + $cal_filename = $cal_httpPrefix; } else { - $cal_filename = stripslashes(urldecode($HTTP_GET_VARS['cal'])); + $cal_filename = stripslashes($cal_decoded); } } else { $cal_filename = $default_cal; 
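Review bot: `$cal_decoded = urldecode($HTTP_GET_VARS['cal'])` decodes a value that PHP has already URL-decoded when it filled `$HTTP_GET_VARS`, so the string tested for a scheme prefix and later used as a file name has been decoded twice. In the `else` branch that string becomes `$cal_filename`, which the next hunk concatenates into `$calendar_path.'/'.$cal_filename.'.ics'` without removing directory components; if calendars always sit directly in `$calendar_path`, `$cal_filename = basename(stripslashes($HTTP_GET_VARS['cal']));` accepts only a bare file name. `str_replace('http://','webcal://',$cal_decoded)` rewrites every occurrence in the URL rather than just the scheme, so swapping only the leading characters with `substr()` would keep the rest of the URL intact. The removed comment that described `$cal_filename` and `$cal_displayname` is worth keeping and extending to `$cal_webcalPrefix` and `$cal_httpPrefix`.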
@@ -49,24 +54,34 @@ if (isset($HTTP_GET_VARS['cal'])) { if ($is_webcal) { - $cal_displayname = substr(str_replace('32', ' ', basename($cal_filename)), 0, -4); - $cal = $cal_filename; - $filename = $cal; + if ($allow_webcals == 'yes' || in_array($cal_webcalPrefix, $list_webcals) || in_array($cal_httpPrefix, $list_webcals)) { + $cal_displayname = substr(str_replace('32', ' ', basename($cal_filename)), 0, -4); + $cal = urlencode($cal_filename); + $filename = $cal_filename; + $subscribe_path = $cal_webcalPrefix; + } else { + exit(error('Remote calendars are not allowed on this server and the calendar located at '.$HTTP_GET_VARS['cal'].' is not in the list of allowed calendars. Please use the "Back" button to return.')); + } } else { $cal_displayname = str_replace('32', ' ', $cal_filename); $cal = urlencode($cal_filename); - - if (!isset($filename)) { - $filename = $calendar_path.'/'.$cal_filename.'.ics'; - if (!file_exists($filename)) { - $dir_handle = @opendir($calendar_path) or die('Unable to open path: '.$calendar_path); - while ($file = readdir($dir_handle)) { - if (substr($file, -4) == '.ics') { - $filename = $calendar_path.'/'.$file; - break; + if (in_array($cal_filename, $blacklisted_cals)) { + exit(error($cal_filename.' is restricted on this server. Please use the "Back" button to return.')); + } else { + if (!isset($filename)) { + $filename = $calendar_path.'/'.$cal_filename.'.ics'; + if (!file_exists($filename)) { + $dir_handle = @opendir($calendar_path) or die('Unable to open path: '.$calendar_path); + while ($file = readdir($dir_handle)) { + if (substr($file, -4) == '.ics') { + $cal = urlencode(substr($file, 0, -4)); + $filename = $calendar_path.'/'.$file; + break; + } } } } + $subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename; } } ?>
\ No newline at end of file diff --git a/functions/list_icals.php b/functions/list_icals.php index 8ca60d1..c2635aa 100644 --- a/functions/list_icals.php +++ b/functions/list_icals.php @@ -15,20 +15,36 @@ if ($display_ical_list == "yes") { // build the <option> tags while ($file = readdir($dir_handle)) { if (substr($file, -4) == ".ics") { + // $cal_filename is the filename of the calendar without .ics // $cal is a urlencoded version of $cal_filename // $cal_displayname is $cal_filename with occurrences of "32" replaced with " " $cal_filename_tmp = substr($file,0,-4); $cal_tmp = urlencode($cal_filename_tmp); $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp); - - if ($cal_tmp == $cal) { - print "<option value=\"$current_view.php?cal=$cal_tmp\" selected>$cal_displayname_tmp Calendar</option>\n"; - } else { - print "<option value=\"$current_view.php?cal=$cal_tmp\">$cal_displayname_tmp Calendar</option>\n"; - } + if (!in_array($cal_filename_tmp, $blacklisted_cals)) { + if ($cal_tmp == $cal) { + print "<option value=\"$current_view.php?cal=$cal_tmp\" selected>$cal_displayname_tmp Calendar</option>\n"; + } else { + print "<option value=\"$current_view.php?cal=$cal_tmp\">$cal_displayname_tmp Calendar</option>\n"; + } + } } } + foreach($list_webcals as $cal_tmp) { + if ($cal_tmp != '') { + $cal_displayname_tmp = basename($cal_tmp); + $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp); + $cal_displayname_tmp = substr($cal_displayname_tmp,0,-4); + $cal_encoded_tmp = urlencode($cal_tmp); + if ($cal_tmp == $cal_httpPrefix || $cal_tmp == $cal_webcalPrefix) { + print "<option value=\"$current_view.php?cal=$cal_encoded_tmp\" selected>$cal_displayname_tmp Webcal</option>\n"; + } else { + print "<option value=\"$current_view.php?cal=$cal_encoded_tmp\">$cal_displayname_tmp Webcal</option>\n"; + } + } + } + // close file closedir($dir_handle); |
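Review bot: In functions/init.inc.php, hunk `@@ -49,24 +54,34 @@`, the fallback loop that picks the first `.ics` file in `$calendar_path` never consults `$blacklisted_cals`, so a request for a calendar that does not exist can be answered with a restricted one; the test should read `if (substr($file, -4) == '.ics' && !in_array(substr($file, 0, -4), $blacklisted_cals)) {`. The blacklist check itself compares the raw request string, so it matches only the exact spelling listed in the configuration; comparing a normalised name such as `basename($cal_filename)` is more robust. Both new `exit(error(...))` calls interpolate request data (`$HTTP_GET_VARS['cal']` and `$cal_filename`) into the message, and `error()` is defined outside this diff, so unless it escapes its argument these values should go through `htmlspecialchars()` first. With `$allow_webcals == 'yes'` any visitor-supplied `http://` URL is accepted as `$filename`, which appears to make the server retrieve it; that option deserves an explicit warning comment where it is configured.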
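Review bot: In functions/list_icals.php the new `foreach` compares each entry with `$cal_httpPrefix` and `$cal_webcalPrefix`, but init.inc.php assigns those only inside the remote-calendar branch, so (assuming this file runs after init.inc.php) every view of a local calendar reads two undefined variables, which shows up as notices once the `error_reporting (E_ALL)` line added in this commit is enabled. Initialise both to `''` beside `$is_webcal = FALSE;`, or guard the comparison with `$is_webcal`. The option labels and values are printed without `htmlspecialchars()`; file names and `$list_webcals` entries are operator-controlled, but escaping `$cal_displayname_tmp` keeps a name containing markup characters from breaking the list. `substr($cal_displayname_tmp,0,-4)` also assumes every configured URL ends in a four-character extension, which should be stated in a comment or checked.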