More formally meet specification, particularly If-Match and If-None-Match,

but with a specific workaround for Evolution <= 1.8.

inc/caldav-DELETE.php

@@ -1,35 +1,60 @@
 <?php
-
 dbg_error_log("delete", "DELETE method handler");
 
-// The DELETE method is not sent with any wrapping XML so we simply delete it
+/**
+* etag_none_match, if set, is telling us only to DELETE if it fails to match.  Likewise etag_if_match
+* is telling us only to DELETE if it successfully matches the ETag.  Se Evolution's Bugzilla for the
+* truth about Evolution's broken handling of this: http://bugzilla.gnome.org/show_bug.cgi?id=349573
+*/
 
-$get_path = $_SERVER['PATH_INFO'];
-$etag_none_match = str_replace('"','',$_SERVER["HTTP_IF_NONE_MATCH"]);
-
-if ( $etag_none_match != '' ) {
-  /**
-  * etag_none_match is saying that we should only delete a row if it matches this etag
-  * (only rows not matching should exist afterwards, I guess.)
-  */
-  $only_this_etag = " AND dav_etag = ".qpg($etag_none_match);
+if ( !isset($etag_if_match) && isset($etag_none_match) && preg_match('#Evolution/([0-9.]+)#', $_SERVER['HTTP_USER_AGENT'], $matches ) ) {
+  if ( doubleval($matches[1]) <= 1.8 ) {
+    $etag_if_match = $etag_none_match;
+    unset($etag_none_match);
+  }
 }
 
-$qry = new PgQuery( "SELECT * FROM caldav_data WHERE user_no = ? AND dav_name = ? $only_this_etag;", $session->user_no, $get_path );
-if ( $qry->Exec("caldav-DELETE") && $qry->rows == 1 ) {
-  $qry = new PgQuery( "DELETE FROM caldav_data WHERE user_no = ? AND dav_name = ? $only_this_etag;", $session->user_no, $get_path );
-  if ( $qry->Exec("caldav-DELETE") ) {
-    header("HTTP/1.1 200 OK");
-    dbg_error_log( "delete", "DELETE: User: %d, ETag: %s, Path: %s", $session->user_no, $etag_none_match, $get_path);
+
+if ( !isset($permissions['write']) ) {
+    header("HTTP/1.1 403 Forbidden");
+    header("Content-type: text/plain");
+    if ( isset($etag_none_match) && $etag_none_match == $delete_row->dav_etag ) {
+      echo "Permission denied";
+    }
+  exit(0);
+}
+
+/**
+* Wr read the resource first, so we can check if it matches (or does not match)
+*/
+$qry = new PgQuery( "SELECT * FROM caldav_data WHERE user_no = ? AND dav_name = ?;", (isset($path_user_no)?$path_user_no:$session->user_no), $request_path );
+if ( $qry->Exec("DELETE") && $qry->rows == 1 ) {
+  $delete_row = $qry->Fetch();
+  if ( (isset($etag_none_match) && $etag_none_match == $delete_row->dav_etag) || (isset($etag_if_match) && $etag_if_match != $delete_row->dav_etag) ) {
+    header("HTTP/1.1 412 Precondition Failed");
+    header("Content-type: text/plain");
+    if ( isset($etag_none_match) && $etag_none_match == $delete_row->dav_etag ) {
+      echo "Resource matches 'If-None-Match' header - not deleted\n";
+    }
+    if ( isset($etag_if_match) && $etag_if_match != $delete_row->dav_etag ) {
+      echo "Resource does not match 'If-Match' header - not deleted\n";
+    }
+    exit(0);
+  }
+  $qry = new PgQuery( "DELETE FROM caldav_data WHERE user_no = ? AND dav_name = ? $only_this_etag;", $session->user_no, $request_path );
+  if ( $qry->Exec("DELETE") ) {
+    header("HTTP/1.1 200 Deleted", true, 200);
+    header("Content-length: 0");
+    dbg_error_log( "DELETE", "DELETE: User: %d, ETag: %s, Path: %s", $session->user_no, $etag_none_match, $request_path);
   }
   else {
     header("HTTP/1.1 500 Infernal Server Error");
-    dbg_error_log( "delete", "DELETE failed: User: %d, ETag: %s, Path: %s, SQL: %s", $session->user_no, $etag_none_match, $get_path, $qry->querystring);
+    dbg_error_log( "DELETE", "DELETE failed: User: %d, ETag: %s, Path: %s, SQL: %s", $session->user_no, $etag_none_match, $request_path, $qry->querystring);
   }
 }
 else {
   header("HTTP/1.1 404 Not Found");
-  dbg_error_log( "delete", "DELETE row not found: User: %d, ETag: %s, Path: %s", $qry->rows, $session->user_no, $etag_none_match, $get_path);
+  dbg_error_log( "DELETE", "DELETE row not found: User: %d, ETag: %s, Path: %s", $qry->rows, $session->user_no, $etag_none_match, $request_path);
 }
 
 ?>