Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1:/tmp/cvs-serv13795/functions
Modified Files:
init.inc.php
Log Message:
Do not include subscribe and download links for calendars referenced
by an absolute path or with a relative path going up (i.e. ../).
Index: init.inc.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/init.inc.php,v
retrieving revision 1.38
retrieving revision 1.39
diff -C2 -d -r1.38 -r1.39
*** init.inc.php 26 Sep 2003 16:00:41 -0000 1.38
--- init.inc.php 16 Oct 2003 19:01:49 -0000 1.39
***************
*** 137,149 ****
// Sets the download and subscribe paths from the config if present.
! if ($download_uri == '') {
$subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
$download_filename = $filename;
! } else {
$newurl = eregi_replace("^(http://)", "", $download_uri);
$subscribe_path = 'webcal://'.$newurl.'/'.$cal_filename.'.ics';
$download_filename = $download_uri.'/'.$cal_filename.'.ics';
}
-
}
}
--- 137,151 ----
// Sets the download and subscribe paths from the config if present.
! if ($download_uri == '' && preg_match('/(^\/|..\/)/', $filename) == 0) {
$subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
$download_filename = $filename;
! } else if ($download_uri != '') {
$newurl = eregi_replace("^(http://)", "", $download_uri);
$subscribe_path = 'webcal://'.$newurl.'/'.$cal_filename.'.ics';
$download_filename = $download_uri.'/'.$cal_filename.'.ics';
+ } else {
+ $subscribe_path = '';
+ $download_filename = '';
}
}
}
|
