From c4ee924869fde31d41c47cd05d0f6c9ff4c16bdf Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Sat, 11 Feb 2012 21:48:45 +0100
Subject: [PATCH] Cleanup OC_Contacts_Addressbook::find usage

Use OC_Contacts_App::getAddressbook($id) instead of OC_Contacts_Addressbook::find($id), it contains access checks.
---
 apps/contacts/import.php    |  6 +-----
 apps/contacts/photo.php     | 14 +-------------
 apps/contacts/thumbnail.php | 16 +---------------
 3 files changed, 3 insertions(+), 33 deletions(-)

diff --git a/apps/contacts/import.php b/apps/contacts/import.php
index 9008208db5..4638bf0d73 100644
--- a/apps/contacts/import.php
+++ b/apps/contacts/import.php
@@ -22,12 +22,8 @@ if($_POST['method'] == 'new'){
 	$id = OC_Contacts_Addressbook::add(OC_User::getUser(), $_POST['addressbookname']);
 	OC_Contacts_Addressbook::setActive($id, 1);
 }else{
-	$contacts = OC_Contacts_Addressbook::find($_POST['id']);
-	if($contacts['userid'] != OC_USER::getUser()){
-		OC_JSON::error();
-		exit();
-	}
 	$id = $_POST['id'];
+	OC_Contacts_App::getAddressbook($id); // is owner access check
 }
 //analyse the contacts file
 if(is_writable('import_tmp/')){
diff --git a/apps/contacts/photo.php b/apps/contacts/photo.php
index 756aae63c4..9566764e70 100644
--- a/apps/contacts/photo.php
+++ b/apps/contacts/photo.php
@@ -31,19 +31,7 @@ if(isset($GET['refresh'])) {
 }
 $l10n = new OC_L10N('contacts');
 
-$card = OC_Contacts_VCard::find( $id );
-if( $card === false ){
-	echo $l10n->t('Contact could not be found.');
-	exit();
-}
-
-$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] );
-if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){
-	echo $l10n->t('This is not your contact.'); // This is a weird error, why would it come up? (Better feedback for users?)
-	exit();
-}
-
-$content = OC_VObject::parse($card['carddata']);
+$content = OC_Contacts_App::getContactVCard($id);
 $image = new OC_Image();
 // invalid vcard
 if( is_null($content)){
diff --git a/apps/contacts/thumbnail.php b/apps/contacts/thumbnail.php
index 36d395171a..b981fdbe1e 100644
--- a/apps/contacts/thumbnail.php
+++ b/apps/contacts/thumbnail.php
@@ -50,21 +50,7 @@ $id = $_GET['id'];
 
 $l10n = new OC_L10N('contacts');
 
-$card = OC_Contacts_VCard::find( $id );
-if( $card === false ){
-	OC_Log::write('contacts','thumbnail.php. Contact could not be found: '.$id,OC_Log::ERROR);
-	getStandardImage();
-	exit();
-}
-
-// FIXME: Is this check necessary? It just takes up CPU time.
-$addressbook = OC_Contacts_Addressbook::find( $card['addressbookid'] );
-if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){
-	OC_Log::write('contacts','thumbnail.php. Wrong contact/addressbook - WTF?',OC_Log::ERROR);
-	exit();
-}
-
-$content = OC_VObject::parse($card['carddata']);
+$content = OC_Contacts_App::getContactVCard($id);
 
 // invalid vcard
 if( is_null($content)){
-- 
GitLab