From fe642a4f7b8d0017e6cd37dbd9fdebf7dfc7b7a7 Mon Sep 17 00:00:00 2001 From: Andrew McMillan Date: Wed, 11 Oct 2006 13:32:23 +1300 Subject: [PATCH] More formally match specified behaviour, especially If-Match and If-None-Match. --- inc/caldav-PUT.php | 99 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 74 insertions(+), 25 deletions(-) diff --git a/inc/caldav-PUT.php b/inc/caldav-PUT.php index 65fe549c..eac8c57b 100644 --- a/inc/caldav-PUT.php +++ b/inc/caldav-PUT.php @@ -10,8 +10,14 @@ fwrite($fh,$raw_post); fclose($fh); $etag = md5($raw_post); -if ( isset($_SERVER["HTTP_IF_MATCH"]) ) $etag_match = str_replace('"','',$_SERVER["HTTP_IF_MATCH"]); -if ( isset($_SERVER["HTTP_IF_NONE_MATCH"]) ) $etag_none_match = str_replace('"','',$_SERVER["HTTP_IF_NONE_MATCH"]); +if ( preg_match('#Evolution/([0-9.]+)#', $_SERVER['HTTP_USER_AGENT'], $matches ) ) { + /** + * Evolution can't handle an ETag that doesn't change, so we give it a fake one + * first for the PUT reply and it'll figure it out in due course. Sad but true. + * - See http://bugzilla.gnome.org/show_bug.cgi?id=355659 + */ + $bogus_etag = "BogusEvolutionETagOnPUT".rand(7,2139876547); +} include_once("iCalendar.php"); $ic = new iCalendar(array( 'icalendar' => $raw_post )); @@ -19,44 +25,85 @@ $ic = new iCalendar(array( 'icalendar' => $raw_post )); dbg_log_array( "PUT", 'EVENT', $ic->properties['VCALENDAR'][0], true ); -if ( !isset($etag_match) || $etag_match == '*' || $etag_match == '' ) { - /** - * If they didn't send an etag_match header, we need to check if the PUT object already exists - * and we are hence updating it. And we just set our etag_match to that. - */ - $qry = new PgQuery( "SELECT * FROM caldav_data WHERE user_no=? AND dav_name=?", $session->user_no, $request_path ); - $qry->Exec("PUT"); - if ( $qry->rows > 1 ) { - header("HTTP/1.1 500 Infernal Server Error"); - dbg_error_log("ERROR","Multiple events match replaced path for user %d, path %s", $session->user_no, $request_path ); +/** +* We read any existing object so we can check the ETag. +*/ +unset($put_action_type); +$qry = new PgQuery( "SELECT * FROM caldav_data WHERE user_no=? AND dav_name=?", $session->user_no, $request_path ); +if ( !$qry->Exec("PUT") || $qry->rows > 1 ) { + header("HTTP/1.1 500 Infernal Server Error"); + dbg_error_log("ERROR","Query failure, or multiple events match replaced path for user %d, path %s", $session->user_no, $request_path ); + exit(0); +} +elseif ( $qry->rows < 1 ) { + if ( isset($etag_if_match) && $etag_if_match != '' ) { + /** + * RFC2068, 14.25: + * If none of the entity tags match, or if "*" is given and no current + * entity exists, the server MUST NOT perform the requested method, and + * MUST return a 412 (Precondition Failed) response. + */ + header("HTTP/1.1 412 Precondition Failed"); + header("Content-type: text/plain"); + header("Content-length: 0"); + if ( isset($etag_if_match) && $etag_if_match != $delete_row->dav_etag ) { + echo "No existing resource matching 'If-Match' header - not accepted.\n"; + } exit(0); } - elseif ( $qry->rows == 1 ) { - $icalendar = $qry->Fetch(); - $etag_match = $icalendar->dav_etag; + $put_action_type = 'INSERT'; +} +elseif ( $qry->rows == 1 ) { + $icalendar = $qry->Fetch(); + + if ( ( isset($etag_if_match) && $etag_if_match != '' && $etag_if_match != $icalendar->dav_etag ) + || ( isset($etag_none_match) && $etag_none_match != '' && ($etag_none_match == $icalendar->dav_etag || $etag_none_match == '*') ) ) { + /** + * RFC2068, 14.25: + * If none of the entity tags match, or if "*" is given and no current + * entity exists, the server MUST NOT perform the requested method, and + * MUST return a 412 (Precondition Failed) response. + * + * RFC2068, 14.26: + * If any of the entity tags match the entity tag of the entity that + * would have been returned in the response to a similar GET request + * (without the If-None-Match header) on that resource, or if "*" is + * given and any current entity exists for that resource, then the + * server MUST NOT perform the requested method. + */ + header("HTTP/1.1 412 Precondition Failed"); + header("Content-type: text/plain"); + header("Content-length: 0"); + if ( isset($etag_if_match) && $etag_if_match != $icalendar->dav_etag ) { + echo "Existing resource does not match 'If-Match' header - not accepted.\n"; + } + if ( isset($etag_none_match) && $etag_none_match != '' && ($etag_none_match == $icalendar->dav_etag || $etag_none_match == '*') ) { + echo "Existing resource matches 'If-None-Match' header - not accepted.\n"; + } + exit(0); } + + $put_action_type = 'UPDATE'; } -if ( !isset($etag_match) || $etag_match == '*' || $etag_match == '' ) { - /** - * If we got this far without an etag we must be inserting it. - */ +if ( $put_action_type == 'INSERT' ) { $qry = new PgQuery( "INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, caldav_type, logged_user, created, modified ) VALUES( ?, ?, ?, ?, ?, ?, current_timestamp, current_timestamp )", $session->user_no, $request_path, $etag, $raw_post, $ic->type, $session->user_no ); $qry->Exec("PUT"); - header("HTTP/1.1 201 Created"); - header("ETag: $etag"); + header("HTTP/1.1 201 Created", true, 201); } else { $qry = new PgQuery( "UPDATE caldav_data SET caldav_data=?, dav_etag=?, caldav_type=?, logged_user=?, modified=current_timestamp WHERE user_no=? AND dav_name=? AND dav_etag=?", - $raw_post, $etag, $ic->type, $session->user_no, $session->user_no, $request_path, $etag_match ); + $raw_post, $etag, $ic->type, $session->user_no, $session->user_no, $request_path, $etag_if_match ); $qry->Exec("PUT"); - header("HTTP/1.1 201 Replaced"); - header("ETag: $etag"); + header("HTTP/1.1 201 Replaced", true, 201); } +header(sprintf('ETag: "%s"', (isset($bogus_etag) ? $bogus_etag : $etag) ) ); +header("Content-length: 0"); + $sql = ( $ic->tz_locn == '' ? '' : "SET TIMEZONE TO ".qpg($ic->tz_locn).";" ); $dtstart = $ic->Get('dtstart'); @@ -75,7 +122,7 @@ else { -if ( !isset($etag_match) || $etag_match == '*' || $etag_match == '' ) { +if ( $put_action_type == 'INSERT' ) { $sql .= <<user_no, $etag, $request_path); +// Just ensure we exit without sending anything more. +exit(0); ?> \ No newline at end of file