1957 Commits

Author SHA1 Message Date
Andrew Ruthven
9cdeae54e2 Use the correct variable for PHP 2021-02-26 00:39:59 +13:00
Andrew Ruthven
6f1a20e1a2 If we already have the email address, don't need to do a DB query 2021-02-26 00:22:56 +13:00
Andrew Ruthven
cbd1d4f8ea searchEmails should return a boolean, and needs to be public. 2021-02-26 00:22:53 +13:00
Andrew Ruthven
1076fd5bfa Update some more uses of usr.email 2021-02-26 00:22:44 +13:00
Andrew Ruthven
cd4d0a6bf9 Avoid having multiple rows if a principal has more than one email address. 2021-02-26 00:22:31 +13:00
Andrew Ruthven
172e96a322 Correctly handle 'Apply changes' for email addresses.
Previously, after applying a change, the screen would be refreshed
and the email address would still be getting edited. This correctly
refreshes the screen to show that the email address editing is finished.
2021-02-26 00:22:18 +13:00
Andrew Ruthven
d788bca04a Merge remote-tracking branch 'fsfs/multiple-email' into multiple-email-new 2021-02-26 00:19:45 +13:00
Andrew Ruthven
d3a7d10873 Merge branch 'master' into multiple-email-new 2021-02-26 00:18:53 +13:00
Florian Schlichting
e92e981542 Listing External Calendars is part of the Administration menu and should be restricted to admins
this could be made configurable, or lumped in with
$c->restrict_setup_to_admin, but non-admins only get here by manually
entering the URL...
2021-02-09 01:54:32 +08:00
Florian Schlichting
202e2edd5a tighten $c->list_everyone to look for DAV::read privilege and actually block access to principals and collections
Groups really only exist in the davical web interface, CALDAV clients
discover principals and collections based on GRANTs such as the
DAV::read privilege, so use that for the web interface as well.

Also, not listing users is nice, actually blocking access to those users
(which can be enumerated with the id GET parameter) is a lot better.
2021-02-09 01:54:32 +08:00
Klaus M Pfeiffer
042ce5f076 add feature list_everyone (fixes #59) 2021-02-08 17:41:28 +00:00
Andrew Ruthven
ccedbd1be9 Include the UID of the card which caused us to hit the RRULE limit
This will helpfully assist tracking down issues with recurrence rules.
2021-02-06 20:19:03 +13:00
Florian Schlichting
097b415b42 fix display of email addresses for users other than admin
unfortunately, $id is a principal_id, not a user_no - these match only
for admin. Similar changes will be necessary for adding and updating an
email address.

changing the "primary" address does not work and may need some thought
wrt/ UNIQUE

the 'usr' table is actually from AWL, and no-one has done any schema
management there yet; however there's precedent in davical's
dba/patches/1.1.4.sql that that was just upgraded from davical...
2021-02-05 17:50:05 +08:00
Andrew Ruthven
ee8a751add WIP: Multiple emails for principals 2021-02-05 14:52:00 +08:00
Florian Schlichting
b4f8f5a6c1 cardquery: ensure restriction to target collection remains in force even when we find that we need a post_filter step and thus throw away the SQL
this ensures a sane (but still wrong) result for
carddav/2051-REPORT-carddavclient-ParamNotDefinedSome
2021-02-05 02:01:09 +08:00
Florian Schlichting
75f62a81f6 fix PHP8 deprecation warnings: "Required parameter X follows optional parameter Y"
Deprecated: Required parameter $username follows optional parameter $attributes in inc/drivers_ldap.php on line 190
Deprecated: Required parameter $passwd follows optional parameter $attributes in inc/drivers_ldap.php on line 190
Deprecated: Required parameter $ua_string follows optional parameter $min_age in inc/external-fetch.php on line 42

As explained in https://www.php.net/manual/en/migration80.deprecated.php,
    If a parameter with a default value is followed by a required
    parameter, the default value has no effect. This is deprecated as of
    PHP 8.0.0 and can generally be resolved by dropping the default
    value, without a change in functionality
2021-02-03 23:25:51 +08:00
Jan Hicken
f376be164e Use brackets instead of curly braces for string offset access
Curly braces have been deprecated in PHP 7.4 and unsupported in PHP 8.0.
2021-02-03 14:57:57 +00:00
Andrew Ruthven
6308949b87 WIP: Multiple emails for principals 2021-01-31 20:27:38 +13:00
Piotr Filip
e98bf7b682 fix: events with recurrence rule are sometimes counted one too many times in freebusy 2021-01-25 00:08:13 +13:00
Florian Schlichting
e64fd2b868 LSID logins were removed from AWL, drop related bits in davical 2020-04-04 17:44:12 +02:00
Florian Schlichting
007bf95589 use foreach() instead of deprecated each() (fixes #190) 2019-12-06 18:21:08 +08:00
Florian Schlichting
e2c6b927c8 HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings 2019-12-06 18:17:18 +08:00
nielsvangijzen
c8a0ca4531 Fix CSRF not being checked in collection-edit.php 2019-12-06 09:30:16 +01:00
Jim Fenton
a3acb770ac release 1.1.9.1: fix XSS function lost in rebuild of always.php 2019-12-03 16:35:08 -08:00
Jim Fenton
072207e1c8 Merge branch '194-confidential-issue' 2019-12-03 14:39:40 -08:00
nielsvangijzen
1a917b30eb Addressed comments made by @puck42 2019-11-29 09:58:46 +01:00
Andrew Ruthven
d3a8771d01 Merge branch 'cprn/davical-master' 2019-11-26 23:00:09 +13:00
Andrew Ruthven
65ce5d443e Fix syntax 2019-11-26 22:51:37 +13:00
Andrew Ruthven
8e7866c550 Use a placeholder for another instance of collection_id 2019-11-26 22:24:49 +13:00
nielsvangijzen
86a8ec5302 Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-10-28 11:55:11 +01:00
Milan Crha
710bc6cccd Add missing 'break;' into RRule.php 2019-06-19 09:20:56 +00:00
Cyprian Guerra
2ba1d64b0c fixing Invalid parameter number: :collection_id 2019-03-28 10:52:32 +01:00
Florian Schlichting
75d4db9afb two more PHP5 curl 2019-03-11 22:46:37 +01:00
Andrew Ruthven
afe69f22d3 We need PHP curl, not specifically PHP5 curl 2019-03-07 16:15:34 +13:00
Jamie McClymont
9522fd5f3c Make range-based calendar queries use the new first_instance_start/last_instance_end columns 2019-02-28 16:00:19 +13:00
Jamie McClymont
b07019ed96 Make calquery expansion aware of the calendar default timezone
This fixes cases where we emit floating times
2019-02-28 16:00:19 +13:00
Florian Schlichting
97a2686459 fix more PHP7+ type hints for PHP5 compatibility (fixes #197) 2019-02-13 08:49:19 +01:00
Florian Schlichting
9bc94556b4 add users to new groups in the "update groups" step
do not maintain the same code twice
2019-01-30 22:28:58 +01:00
Florian Schlichting
8d622df3e5 honour do_not_sync_group_from_ldap when creating groups, correctly display all results
same for groups
2019-01-30 22:18:43 +01:00
Florian Schlichting
eb0e9a8aec honour do_not_sync_from_ldap when creating users, correctly display all results
despite its name, $c->do_not_sync_from_ldap did not stop accounts in
LDAP from being created in Davical, it only stopped accounts not in LDAP
from being deactivated in Davical (like a local admin account)
2019-01-30 21:57:24 +01:00
Florian Schlichting
afcaacaf2a do_not_sync_from_ldap for groups (fixes #158) 2019-01-30 21:42:01 +01:00
Florian Schlichting
de1e994cab make the Admin role inheritable (fix #140) 2019-01-30 21:12:06 +01:00
Florian Schlichting
6627018f77 turn PHP7+ type hint into phpdoc (fixes #185) 2019-01-30 18:20:04 +01:00
Andrew Ruthven
dccd7997f7 Merge branch 'master' into hungerburg/davical-master 2019-01-30 22:25:46 +13:00
Andrew Ruthven
ebd169e555 Merge branch 'JJJollyjim/davical-freebusy-modified-instances' 2019-01-30 22:19:25 +13:00
Andrew Ruthven
8966a044a2 Merge branch 'JJJollyjim/davical-rrule-expansion-limit' 2019-01-29 23:06:03 +13:00
Jamie McClymont
cf2f019419 Increase, and make configurable, the limit for rrule expansion 2019-01-28 04:51:37 +00:00
Jamie McClymont
aea6be279b RRule Expansion: Do not emit recurrences for instances with RRULEs
This matches the behaviour of Evolution and Thunderbird
2019-01-28 17:17:28 +13:00
Jamie McClymont
ffa06343a3 Fix bugs in expansion of events with overridden instances 2019-01-28 15:29:55 +13:00
Jamie McClymont
6a3619aaad Swallow errors when updating instance ranges on TZ changes 2019-01-10 16:51:40 +13:00