From 4872988f2eef484e55dfd88111947456f8583727 Mon Sep 17 00:00:00 2001
From: Andrew McMillan <debian@mcmillan.net.nz>
Date: Sat, 19 May 2007 11:43:50 +1200
Subject: [PATCH] [security] Only save debugging output when we are debugging.

---
 inc/caldav-PUT.php    | 8 +++++---
 inc/caldav-REPORT.php | 6 ++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/inc/caldav-PUT.php b/inc/caldav-PUT.php
index d16d3f7d..2dce4eb9 100644
--- a/inc/caldav-PUT.php
+++ b/inc/caldav-PUT.php
@@ -14,9 +14,11 @@ if ( ! $request->AllowedTo("read") ) {
   $request->DoResponse(403);
 }
 
-$fh = fopen('/tmp/PUT.txt','w');
-fwrite($fh,$request->raw_post);
-fclose($fh);
+if ( isset($c->dbg['ALL']) || $c->dbg['put'] ) {
+  $fh = fopen('/tmp/PUT.txt','w');
+  fwrite($fh,$request->raw_post);
+  fclose($fh);
+}
 
 include_once('caldav-PUT-functions.php');
 $is_collection = controlRequestContainer($request->username,$request->user_no, $request->path,true);
diff --git a/inc/caldav-REPORT.php b/inc/caldav-REPORT.php
index d380682f..daff5483 100644
--- a/inc/caldav-REPORT.php
+++ b/inc/caldav-REPORT.php
@@ -10,6 +10,12 @@
 */
 dbg_error_log("REPORT", "method handler");
 
+if ( isset($c->dbg['ALL']) || $c->dbg['report'] ) {
+  $fh = fopen('/tmp/REPORT.txt','w');
+  fwrite($fh,$request->raw_post);
+  fclose($fh);
+}
+
 if ( ! ($request->AllowedTo('read') || $request->AllowedTo('freebusy')) ) {
   // The specification states that a lack of privileges MUST result in a 404. Caldav-15, Section 7.10, p66
   $request->DoResponse( 404 );