nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-19 01:34:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

More formally match specified behaviour, especially If-Match and If-None-Match.

Browse Source
This commit is contained in:
Andrew McMillan 2006-10-11 13:32:23 +13:00
parent 17ac937376
commit fe642a4f7b
1 changed files with 74 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
inc/caldav-PUT.php
View File

@ -10,8 +10,14 @@ fwrite($fh,$raw_post);
fclose($fh); fclose($fh);
$etag = md5($raw_post); $etag = md5($raw_post);
if ( isset($_SERVER["HTTP_IF_MATCH"]) ) $etag_match = str_replace('"','',$_SERVER["HTTP_IF_MATCH"]); if ( preg_match('#Evolution/([0-9.]+)#', $_SERVER['HTTP_USER_AGENT'], $matches ) ) {
if ( isset($_SERVER["HTTP_IF_NONE_MATCH"]) ) $etag_none_match = str_replace('"','',$_SERVER["HTTP_IF_NONE_MATCH"]); /**
* Evolution can't handle an ETag that doesn't change, so we give it a fake one
* first for the PUT reply and it'll figure it out in due course. Sad but true.
* - See http://bugzilla.gnome.org/show_bug.cgi?id=355659
*/
$bogus_etag = "BogusEvolutionETagOnPUT".rand(7,2139876547);
}
include_once("iCalendar.php"); include_once("iCalendar.php");
$ic = new iCalendar(array( 'icalendar' => $raw_post )); $ic = new iCalendar(array( 'icalendar' => $raw_post ));
@ -19,44 +25,85 @@ $ic = new iCalendar(array( 'icalendar' => $raw_post ));
dbg_log_array( "PUT", 'EVENT', $ic->properties['VCALENDAR'][0], true ); dbg_log_array( "PUT", 'EVENT', $ic->properties['VCALENDAR'][0], true );
if ( !isset($etag_match) || $etag_match == '*' || $etag_match == '' ) {
/** /**
* If they didn't send an etag_match header, we need to check if the PUT object already exists * We read any existing object so we can check the ETag.
* and we are hence updating it. And we just set our etag_match to that.
*/ */
unset($put_action_type);
$qry = new PgQuery( "SELECT * FROM caldav_data WHERE user_no=? AND dav_name=?", $session->user_no, $request_path ); $qry = new PgQuery( "SELECT * FROM caldav_data WHERE user_no=? AND dav_name=?", $session->user_no, $request_path );
$qry->Exec("PUT"); if ( !$qry->Exec("PUT") || $qry->rows > 1 ) {
if ( $qry->rows > 1 ) {
header("HTTP/1.1 500 Infernal Server Error"); header("HTTP/1.1 500 Infernal Server Error");
dbg_error_log("ERROR","Multiple events match replaced path for user %d, path %s", $session->user_no, $request_path ); dbg_error_log("ERROR","Query failure, or multiple events match replaced path for user %d, path %s", $session->user_no, $request_path );
exit(0); exit(0);
} }
elseif ( $qry->rows < 1 ) {
if ( isset($etag_if_match) && $etag_if_match != '' ) {
/**
* RFC2068, 14.25:
* If none of the entity tags match, or if "*" is given and no current
* entity exists, the server MUST NOT perform the requested method, and
* MUST return a 412 (Precondition Failed) response.
*/
header("HTTP/1.1 412 Precondition Failed");
header("Content-type: text/plain");
header("Content-length: 0");
if ( isset($etag_if_match) && $etag_if_match != $delete_row->dav_etag ) {
echo "No existing resource matching 'If-Match' header - not accepted.\n";
}
exit(0);
}
$put_action_type = 'INSERT';
}
elseif ( $qry->rows == 1 ) { elseif ( $qry->rows == 1 ) {
$icalendar = $qry->Fetch(); $icalendar = $qry->Fetch();
$etag_match = $icalendar->dav_etag;
if ( ( isset($etag_if_match) && $etag_if_match != '' && $etag_if_match != $icalendar->dav_etag )
|| ( isset($etag_none_match) && $etag_none_match != '' && ($etag_none_match == $icalendar->dav_etag || $etag_none_match == '*') ) ) {
/**
* RFC2068, 14.25:
* If none of the entity tags match, or if "*" is given and no current
* entity exists, the server MUST NOT perform the requested method, and
* MUST return a 412 (Precondition Failed) response.
*
* RFC2068, 14.26:
* If any of the entity tags match the entity tag of the entity that
* would have been returned in the response to a similar GET request
* (without the If-None-Match header) on that resource, or if "*" is
* given and any current entity exists for that resource, then the
* server MUST NOT perform the requested method.
*/
header("HTTP/1.1 412 Precondition Failed");
header("Content-type: text/plain");
header("Content-length: 0");
if ( isset($etag_if_match) && $etag_if_match != $icalendar->dav_etag ) {
echo "Existing resource does not match 'If-Match' header - not accepted.\n";
} }
if ( isset($etag_none_match) && $etag_none_match != '' && ($etag_none_match == $icalendar->dav_etag || $etag_none_match == '*') ) {
echo "Existing resource matches 'If-None-Match' header - not accepted.\n";
}
exit(0);
} }
if ( !isset($etag_match) || $etag_match == '*' || $etag_match == '' ) { $put_action_type = 'UPDATE';
/** }
* If we got this far without an etag we must be inserting it.
*/ if ( $put_action_type == 'INSERT' ) {
$qry = new PgQuery( "INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, caldav_type, logged_user, created, modified ) VALUES( ?, ?, ?, ?, ?, ?, current_timestamp, current_timestamp )", $qry = new PgQuery( "INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, caldav_type, logged_user, created, modified ) VALUES( ?, ?, ?, ?, ?, ?, current_timestamp, current_timestamp )",
$session->user_no, $request_path, $etag, $raw_post, $ic->type, $session->user_no ); $session->user_no, $request_path, $etag, $raw_post, $ic->type, $session->user_no );
$qry->Exec("PUT"); $qry->Exec("PUT");
header("HTTP/1.1 201 Created"); header("HTTP/1.1 201 Created", true, 201);
header("ETag: $etag");
} }
else { else {
$qry = new PgQuery( "UPDATE caldav_data SET caldav_data=?, dav_etag=?, caldav_type=?, logged_user=?, modified=current_timestamp WHERE user_no=? AND dav_name=? AND dav_etag=?", $qry = new PgQuery( "UPDATE caldav_data SET caldav_data=?, dav_etag=?, caldav_type=?, logged_user=?, modified=current_timestamp WHERE user_no=? AND dav_name=? AND dav_etag=?",
$raw_post, $etag, $ic->type, $session->user_no, $session->user_no, $request_path, $etag_match ); $raw_post, $etag, $ic->type, $session->user_no, $session->user_no, $request_path, $etag_if_match );
$qry->Exec("PUT"); $qry->Exec("PUT");
header("HTTP/1.1 201 Replaced"); header("HTTP/1.1 201 Replaced", true, 201);
header("ETag: $etag");
} }
header(sprintf('ETag: "%s"', (isset($bogus_etag) ? $bogus_etag : $etag) ) );
header("Content-length: 0");
$sql = ( $ic->tz_locn == '' ? '' : "SET TIMEZONE TO ".qpg($ic->tz_locn).";" ); $sql = ( $ic->tz_locn == '' ? '' : "SET TIMEZONE TO ".qpg($ic->tz_locn).";" );
$dtstart = $ic->Get('dtstart'); $dtstart = $ic->Get('dtstart');
@ -75,7 +122,7 @@ else {
if ( !isset($etag_match) || $etag_match == '*' || $etag_match == '' ) { if ( $put_action_type == 'INSERT' ) {
$sql .= <<<EOSQL $sql .= <<<EOSQL
INSERT INTO calendar_item (user_no, dav_name, dav_etag, uid, dtstamp, dtstart, dtend, summary, location, class, transp, INSERT INTO calendar_item (user_no, dav_name, dav_etag, uid, dtstamp, dtstart, dtend, summary, location, class, transp,
description, rrule, tz_id, last_modified, url, priority, created, due, percent_complete ) description, rrule, tz_id, last_modified, url, priority, created, due, percent_complete )
@ -107,4 +154,6 @@ EOSQL;
dbg_error_log( "PUT", "User: %d, ETag: %s, Path: %s", $session->user_no, $etag, $request_path); dbg_error_log( "PUT", "User: %d, ETag: %s, Path: %s", $session->user_no, $etag, $request_path);
// Just ensure we exit without sending anything more.
exit(0);
?> ?>