rooty/OwncloudContactsOfficial
1
0
Fork 0
mirror of https://github.com/owncloudarchive/contacts.git synced 2024-12-01 13:24:10 +01:00
Code Issues Releases Activity

Add userid to address book query. Fix owncloud/security-tracker#48

Browse Source
This commit is contained in:
Thomas Tanghus 2014-03-10 15:53:49 +01:00
parent 1afddaa98e
commit ef30cdc524
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/backend/database.php
View File

@ -129,12 +129,12 @@ class Database extends AbstractBackend {
try {
$query = 'SELECT `id`, `displayname`, `description`, `userid` AS `owner`, `ctag` AS `lastmodified`, `uri` FROM `'
. $this->addressBooksTableName
. '` WHERE `id` = ?';
. '` WHERE `id` = ? AND `userid` = ?';
if (!isset(self::$preparedQueries['getaddressbook'])) {
self::$preparedQueries['getaddressbook'] = \OCP\DB::prepare($query);
}
$result = self::$preparedQueries['getaddressbook']->execute(array($addressbookid));
$result = self::$preparedQueries['getaddressbook']->execute(array($addressbookid, $this->userid));
if (\OCP\DB::isError($result)) {
\OCP\Util::writeLog('contacts', __METHOD__. 'DB error: '
@ -145,7 +145,7 @@ class Database extends AbstractBackend {
$row = $result->fetchRow();
if (!$row) {
throw new \Exception('Address Book not found', 404);
return null;
}
$row['permissions'] = \OCP\PERMISSION_ALL;