Much stricter implementation of the OPTIONS command. It is possible that

this will make Evolution and Mozilla fail, which I will need to fix before this can be released.
2026-02-07 02:23:35 +00:00 · 2006-11-18 23:08:45 +13:00 · 2006-11-18 23:08:45 +13:00 · 3b5735faaf
commit 3b5735faaf
parent 83bb7650ae
6 changed files with 54 additions and 13 deletions
--- a/inc/caldav-OPTIONS.php
+++ b/inc/caldav-OPTIONS.php
@ -10,6 +10,46 @@
 */
  dbg_error_log("OPTIONS", "method handler");

+if ( ! isset($permissions['read']) ) {
+  header("HTTP/1.1 403 Forbidden");
+  header("Content-type: text/plain");
+  echo "You may not access that calendar.";
+  dbg_error_log("OPTIONS", "Access denied for User: %d, Path: %s", $session->user_no, $request_path);
+  return;
+}
+
+$exists = false;
+$is_calendar = false;
+
+if ( $request_path == '/' ) {
+  $exists = true;
+}
+else {
+  if ( preg_match( '#^/[^/]+/$#', $request_path) ) {
+    $sql = "SELECT user_no, '/' || username || '/' AS dav_name, md5( '/' || username || '/') AS dav_etag, ";
+    $sql .= "updated AS created, fullname AS dav_displayname, FALSE AS is_calendar FROM usr WHERE user_no = $path_user_no ; ";
+  }
+  else {
+    $sql = "SELECT user_no, dav_name, dav_etag, created, dav_displayname, is_calendar FROM collection WHERE user_no = $path_user_no AND dav_name = ".qpg($request_path);
+  }
+  $qry = new PgQuery($sql );
+  if( $qry->Exec("OPTIONS",__LINE__,__FILE__) && $qry->rows > 0 && $collection = $qry->Fetch() ) {
+    $is_calendar = ($collection->is_calendar == 't');
+    $exists = true;
+  }
+  elseif ( $c->collections_always_exist ) {
+    $exists = true;
+  }
+}
+
+if ( !exists ) {
+  header("HTTP/1.1 404 Not Found");
+  header("Content-type: text/plain");
+  echo "No collection found at that location.";
+  dbg_error_log("OPTIONS", "No collection found for User: %d, Path: %s", $session->user_no, $request_path);
+  return;
+}
+
  header( "Content-type: text/plain" );
  header( "Content-length: 0" );

@ -19,7 +59,9 @@
  * PROPPATCH, because I suspect that will be used.  Also HEAD and POST being fairly standard
  * should be handled.  COPY and MOVE would seem to be easy also.
  */
-  header( "Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, REPORT, MKCALENDAR, MKCOL");
+  $allowed = "OPTIONS, GET, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR";
+  if ( $is_calendar ) $allowed .= ", REPORT";
+  header( "Allow: $allowed");
  // header( "Allow: ACL, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SCHEDULE, TRACE, UNLOCK");

  /**
@ -29,11 +71,10 @@
  * access-control is rfc3744, so we will say we do it, but I doubt if we do it
  * in all it's glory really.
  */
-  header( "DAV: 1, 2, access-control, calendar-access");
+  $dav = "1, 2, access-control";
+  if ( $is_calendar ) $dav .= ", calendar-access";
+  header( "Allow: $allowed");
+  header( "DAV: $dav");
  // header( "DAV: 1, 2, access-control, calendar-access, calendar-schedule");

-  /**
-  * FIXME: We should only return the 'calendar-access' and 'calendar-schedule' DAV headers for calendar collections.
-  * We should only "Allow" the REPORT method against calendar collections.
-  */
 ?>
--- a/testing/tests/regression-suite/001-Mulberry-1.result
+++ b/testing/tests/regression-suite/001-Mulberry-1.result
@ -2,7 +2,7 @@ HTTP/1.1 200 OK
 Date: Dow, 01 Jan 2000 00:00:00 GMT
 Server: Apache/2.2.3 (Debian) DAV/2
 Content-length: 0
-Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, REPORT, MKCALENDAR, MKCOL
-DAV: 1, 2, access-control, calendar-access
+Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR
+DAV: 1, 2, access-control
 Content-Type: text/plain; charset=UTF-8

--- a/testing/tests/regression-suite/101-Evo-OPTIONS-1.result
+++ b/testing/tests/regression-suite/101-Evo-OPTIONS-1.result
@ -2,7 +2,7 @@ HTTP/1.1 200 OK
 Date: Dow, 01 Jan 2000 00:00:00 GMT
 Server: Apache/2.2.3 (Debian) DAV/2
 Content-length: 0
-Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, REPORT, MKCALENDAR, MKCOL
+Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR, REPORT
 DAV: 1, 2, access-control, calendar-access
 Content-Type: text/plain; charset=UTF-8

--- a/testing/tests/regression-suite/201-Moz-OPTIONS-2.result
+++ b/testing/tests/regression-suite/201-Moz-OPTIONS-2.result
@ -2,7 +2,7 @@ HTTP/1.1 200 OK
 Date: Dow, 01 Jan 2000 00:00:00 GMT
 Server: Apache/2.2.3 (Debian) DAV/2
 Content-length: 0
-Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, REPORT, MKCALENDAR, MKCOL
+Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR, REPORT
 DAV: 1, 2, access-control, calendar-access
 Content-Type: text/plain; charset=UTF-8

--- a/testing/tests/regression-suite/302-Chandler-OPTIONS-2.result
+++ b/testing/tests/regression-suite/302-Chandler-OPTIONS-2.result
@ -2,7 +2,7 @@ HTTP/1.1 200 OK
 Date: Dow, 01 Jan 2000 00:00:00 GMT
 Server: Apache/2.2.3 (Debian) DAV/2
 Content-length: 0
-Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, REPORT, MKCALENDAR, MKCOL
+Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR, REPORT
 DAV: 1, 2, access-control, calendar-access
 Content-Type: text/plain; charset=UTF-8

--- a/testing/tests/regression-suite/305-Chandler-OPTIONS-3.result
+++ b/testing/tests/regression-suite/305-Chandler-OPTIONS-3.result
@ -2,7 +2,7 @@ HTTP/1.1 200 OK
 Date: Dow, 01 Jan 2000 00:00:00 GMT
 Server: Apache/2.2.3 (Debian) DAV/2
 Content-length: 0
-Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, REPORT, MKCALENDAR, MKCOL
-DAV: 1, 2, access-control, calendar-access
+Allow: OPTIONS, GET, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR
+DAV: 1, 2, access-control
 Content-Type: text/plain; charset=UTF-8