From f870f9efcf36a3c7e839b8c37195d94bfa92d6fe Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Thu, 2 Feb 2012 12:18:29 +0100
Subject: [PATCH] validate parameters in changeview.php

---
 apps/calendar/ajax/changeview.php | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/apps/calendar/ajax/changeview.php b/apps/calendar/ajax/changeview.php
index ef05c7cd496..df3e2827b7e 100644
--- a/apps/calendar/ajax/changeview.php
+++ b/apps/calendar/ajax/changeview.php
@@ -1,15 +1,24 @@
 <?php
 /**
- * Copyright (c) 2011 Georg Ehrke <ownclouddev at georgswebsite dot de>
+ * Copyright (c) 2012 Georg Ehrke <ownclouddev at georgswebsite dot de>
  * This file is licensed under the Affero General Public License version 3 or
  * later.
  * See the COPYING-README file.
  */
 
-require_once ("../../../lib/base.php");
+require_once ('../../../lib/base.php');
 OC_JSON::checkLoggedIn();
 OC_JSON::checkAppEnabled('calendar');
-$currentview = $_GET["v"];
-OC_Preferences::setValue(OC_USER::getUser(), "calendar", "currentview", $currentview);
+$currentview = $_GET['v'];
+switch($currentview){
+	case 'agendaWeek':
+	case 'month';
+	case 'list':
+		break;
+	default:
+		OC_JSON::error();
+		exit;
+}
+OC_Preferences::setValue(OC_USER::getUser(), 'calendar', 'currentview', $currentview);
 OC_JSON::success();
-?>
+?>
\ No newline at end of file