From d449e1f836dda5b7a7a376ba1c6b1e6b91831a9b Mon Sep 17 00:00:00 2001
From: Andrew McMillan <debian@mcmillan.net.nz>
Date: Thu, 7 Dec 2006 00:13:33 +1300
Subject: [PATCH] To avoid information loss we ensure people have a minimum of
 'read' access before we even _start_ looking for other kinds of errors.

---
 inc/caldav-PUT.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/inc/caldav-PUT.php b/inc/caldav-PUT.php
index a71ca667..1b14c5ac 100644
--- a/inc/caldav-PUT.php
+++ b/inc/caldav-PUT.php
@@ -10,8 +10,9 @@
 */
 dbg_error_log("PUT", "method handler");
 
-// The PUT method is not sent with any wrapping XML so we simply store it
-// after constructing an eTag and getting a name for it...
+if ( ! $request->AllowedTo("read") ) {
+  $request->DoResponse(403);
+}
 
 $fh = fopen('/tmp/PUT.txt','w');
 fwrite($fh,$request->raw_post);