diff --git a/inc/caldav-BIND.php b/inc/caldav-BIND.php
index bd7876c3..4736d157 100644
--- a/inc/caldav-BIND.php
+++ b/inc/caldav-BIND.php
@@ -48,26 +48,26 @@ if ( $destination->Exists() ) { } // external binds shouldn't ever point back to ourselves but they should be a valid http[s] url -if ( preg_match ( '{^https?://([^/]+)(:[0-9]\+)?/.+$}', $href, $matches ) && - strcasecmp( $matches[0], 'localhost' ) !== 0 && strcasecmp( $matches[0], '127.0.0.1' ) !== 0 - && strcasecmp( $matches[0], $_SERVER['SERVER_NAME'] ) !== 0 && strcasecmp( $matches[0], $_SERVER['SERVER_ADDR'] ) !== 0 ) { - require_once('external-fetch.php'); - $qry = new AwlQuery( ); +if ( preg_match ( '{^https?://([^/]+)(:[0-9]\+)?/.+$}', $href, $matches ) + && strcasecmp( $matches[0], 'localhost' ) !== 0 && strcasecmp( $matches[0], '127.0.0.1' ) !== 0 + && strcasecmp( $matches[0], $_SERVER['SERVER_NAME'] ) !== 0 && strcasecmp( $matches[0], $_SERVER['SERVER_ADDR'] ) !== 0 ) { + require_once('external-fetch.php'); + $qry = new AwlQuery( ); $qry->QDo('SELECT collection_id FROM collection WHERE dav_name = :dav_name ', array( ':dav_name' => '/.external/'. md5($href) )); if ( $qry->rows() == 1 && ($row = $qry->Fetch()) ) { - $dav_id = $row->dav_id; - } - else { - create_external ( '/.external/'. md5($href) ,true,false ); - $qry->QDo('SELECT collection_id FROM collection WHERE dav_name = :dav_name ', array( ':dav_name' => '/.external/'. md5($href) )); - if ( $qry->rows() != 1 || !($row = $qry->Fetch()) ) - $request->DoResponse(500,translate('Database Error')); - $dav_id = $row->collection_id; - } + $dav_id = $row->collection_id; + } + else { + create_external ( '/.external/'. md5($href) ,true,false ); + $qry->QDo('SELECT collection_id FROM collection WHERE dav_name = :dav_name ', array( ':dav_name' => '/.external/'. 
md5($href) )); + if ( $qry->rows() != 1 || !($row = $qry->Fetch()) ) + $request->DoResponse(500,translate('Database Error')); + $dav_id = $row->collection_id; + } - $sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname, external_url, type ) - VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname, :external_url, :external_type )'; - $params = array( + $sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname, external_url, type ) + VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname, :external_url, :external_type )'; + $params = array( ':target_id' => $dav_id, ':ticket_id' => null, ':parent_container' => $parent->dav_name(), 
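Review bot: The self-reference guard in the re-indented `if` condition compares `$matches[0]` with 'localhost', '127.0.0.1', `$_SERVER['SERVER_NAME']` and `$_SERVER['SERVER_ADDR']`, but `preg_match` puts the whole matched URL in `$matches[0]`, so none of the four `strcasecmp` tests can return 0 and every http(s) href is treated as external. The host is captured in `$matches[1]`, yet the greedy `[^/]+` also swallows any `:port`, and `\+` in this pattern is a literal plus sign rather than a quantifier, so the port group never matches a normal port. I would take the host with `$host = parse_url( $href, PHP_URL_HOST );` and compare `$host` in the four tests instead. A name comparison still does not cover other loopback or internal addresses, so the fetch path presumably needs its own check on the resolved destination; that code is not visible here. The `if` block opened in this hunk continues into the next one.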
@@ -77,46 +77,46 @@ if ( preg_match ( '{^https?://([^/]+)(:[0-9]\+)?/.+$}', $href, $matches ) && ':external_url' => $href, ':external_type' => 'calendar' ); - $qry = new AwlQuery( $sql, $params ); - if ( $qry->Exec('BIND',__LINE__,__FILE__) ) { - $qry = new AwlQuery( 'SELECT bind_id from dav_binding where dav_name = :dav_name', array( ':dav_name' => $destination_path ) ); - if ( ! $qry->Exec('BIND',__LINE__,__FILE__) || $qry->rows() != 1 || !($row = $qry->Fetch()) ) - $request->DoResponse(500,translate('Database Error')); - fetch_external ( $row->bind_id, '' ); - $request->DoResponse(201); - } - else { - $request->DoResponse(500,translate('Database Error')); - } + $qry = new AwlQuery( $sql, $params ); + if ( $qry->Exec('BIND',__LINE__,__FILE__) ) { + $qry = new AwlQuery( 'SELECT bind_id from dav_binding where dav_name = :dav_name', array( ':dav_name' => $destination_path ) ); + if ( ! $qry->Exec('BIND',__LINE__,__FILE__) || $qry->rows() != 1 || !($row = $qry->Fetch()) ) + $request->DoResponse(500,translate('Database Error')); + fetch_external ( $row->bind_id, '' ); + $request->DoResponse(201); + } + else { + $request->DoResponse(500,translate('Database Error')); + } } else { - $source = new DAVResource( $href ); - if ( !$source->Exists() ) { - $request->PreconditionFailed(403,'DAV::bind-source-exists',translate('The BIND Request MUST identify an existing resource.')); - } - - if ( $source->IsPrincipal() || !$source->IsCollection() ) { - $request->PreconditionFailed(403,'DAV::binding-allowed',translate('DAViCal only allows BIND requests for collections at present.')); - } - - if ( $source->IsBinding() ) - $source = new DAVResource( $source->bound_from() ); + $source = new DAVResource( $href ); + if ( !$source->Exists() ) { + $request->PreconditionFailed(403,'DAV::bind-source-exists',translate('The BIND Request MUST identify an existing resource.')); + } + + if ( $source->IsPrincipal() || !$source->IsCollection() ) { + 
$request->PreconditionFailed(403,'DAV::binding-allowed',translate('DAViCal only allows BIND requests for collections at present.')); + } + + if ( $source->IsBinding() ) + $source = new DAVResource( $source->bound_from() ); - /* - bind_id INT8 DEFAULT nextval('dav_id_seq') PRIMARY KEY, - bound_source_id INT8 REFERENCES collection(collection_id) ON UPDATE CASCADE ON DELETE CASCADE, - access_ticket_id TEXT REFERENCES access_ticket(ticket_id) ON UPDATE CASCADE ON DELETE SET NULL, + /* + bind_id INT8 DEFAULT nextval('dav_id_seq') PRIMARY KEY, + bound_source_id INT8 REFERENCES collection(collection_id) ON UPDATE CASCADE ON DELETE CASCADE, + access_ticket_id TEXT REFERENCES access_ticket(ticket_id) ON UPDATE CASCADE ON DELETE SET NULL, parent_container TEXT NOT NULL, dav_name TEXT UNIQUE NOT NULL, dav_displayname TEXT, external_url TEXT, type TEXT - */ + */ - $sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname ) - VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname )'; - $params = array( + $sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname ) + VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname )'; + $params = array( ':target_id' => $source->GetProperty('collection_id'), ':ticket_id' => (isset($request->ticket) ? $request->ticket->id() : null), ':parent_container' => $parent->dav_name(), 
@@ -125,17 +125,17 @@ else { ':displayname' => $source->GetProperty('displayname') ); $qry = new AwlQuery( $sql, $params ); - if ( $qry->Exec('BIND',__LINE__,__FILE__) ) { - header('Location: '. ConstructURL($destination_path) ); - - // Uncache anything to do with the target - $cache = getCacheInstance(); - $cache_ns = 'collection-'.$destination_path; - $cache->delete( $cache_ns, null ); - - $request->DoResponse(201); - } - else { - $request->DoResponse(500,translate('Database Error')); - } + if ( $qry->Exec('BIND',__LINE__,__FILE__) ) { + header('Location: '. ConstructURL($destination_path) ); + + // Uncache anything to do with the target + $cache = getCacheInstance(); + $cache_ns = 'collection-'.$destination_path; + $cache->delete( $cache_ns, null ); + + $request->DoResponse(201); + } + else { + $request->DoResponse(500,translate('Database Error')); + } }