[PHPiCalendar-Commits] phpicalendar/functions init.inc.php,1.38,1.39

[<jo...@us...>]

Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1:/tmp/cvs-serv13795/functions

Modified Files:
	init.inc.php 
Log Message:
Do not include subscribe and download links for calendars referenced
by an absolute path or with a relative path going up (i.e. ../).


Index: init.inc.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/init.inc.php,v
retrieving revision 1.38
retrieving revision 1.39
diff -C2 -d -r1.38 -r1.39
*** init.inc.php	26 Sep 2003 16:00:41 -0000	1.38
--- init.inc.php	16 Oct 2003 19:01:49 -0000	1.39
***************
*** 137,149 ****
  		
  		// Sets the download and subscribe paths from the config if present.
! 		if ($download_uri == '') {
  			$subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
  			$download_filename = $filename;
! 		} else {
  			$newurl = eregi_replace("^(http://)", "", $download_uri); 
  			$subscribe_path = 'webcal://'.$newurl.'/'.$cal_filename.'.ics';
  			$download_filename = $download_uri.'/'.$cal_filename.'.ics';
  		}
- 		
  	}
  }
--- 137,151 ----
  		
  		// Sets the download and subscribe paths from the config if present.
! 		if ($download_uri == '' && preg_match('/(^\/|..\/)/', $filename) == 0) {
  			$subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
  			$download_filename = $filename;
! 		} else if ($download_uri != '') {
  			$newurl = eregi_replace("^(http://)", "", $download_uri); 
  			$subscribe_path = 'webcal://'.$newurl.'/'.$cal_filename.'.ics';
  			$download_filename = $download_uri.'/'.$cal_filename.'.ics';
+ 		} else {
+ 			$subscribe_path = '';
+ 			$download_filename = '';
  		}
  	}
  }