nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-02-22 04:53:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,279 Commits 11 Branches 58 Tags 14 MiB
Commit Graph

314 Commits

Author SHA1 Message Date
Andrew McMillan
1141a43089 Fixing and debugging. 2013-09-26 16:09:36 +02:00
Andrew McMillan
e49d3dd225 We will add a setting to disable the DAV header on non-OPTIONS requests. 2013-09-26 14:24:38 +02:00
Andrew McMillan
d0fffe490a Set the default timezone to the database as well as for PHP. 2013-09-26 14:24:08 +02:00
Christoph Anton Mitterer
ea1ca0be0c escape version string to prevent XSS for sure 
* HTML escape the remotely retrieved version string printed to the HTML in order
  to prevent and attacks (if this would have been possible at all in 12
  characters).

The version string read from the davical.org webserver might be changed by an
attacker in order to perform XSS.
Even though this is highly unlikley (there are only 12 characters used) it's
better to HTML escape any such string that is printed to HTML.

This was originally reported at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703290
 2013-09-02 14:38:05 +12:00
Christoph Anton Mitterer
8e60bb3124 set line endings of most text files to LF 
* Changed the end-of-line encodings of all non-Windows-related and non-autogenerated text files to use UNIX LF (lots of them had mixed LF/CRLF).

Conflicts:
	inc/caldav-PUT-functions.php
 2013-09-02 14:37:23 +12:00
Andrew McMillan
cc8e6a0131 Release 1.1.2 2013-07-15 13:12:05 +12:00
Andrew McMillan
9e774b295a When we get here it is a Bad Request, not a Server Error. 2012-09-20 23:54:47 +12:00
Andrew McMillan
9d7d453211 Workaround client software with imperfect add-member implementations. 2012-09-20 23:35:21 +12:00
Andrew McMillan
7e51fa8541 Release 1.1.1 2012-07-11 08:39:11 +12:00
Andrew McMillan
0d47b81e48 Remove bug trace. 2012-07-09 01:16:46 +12:00
Andrew McMillan
2f82e69cfb Correctly test for repeated caldav.php in URL. 2012-07-08 11:58:58 +12:00
Andrew McMillan
55aefbecce Try to trace how we get caldav.php/ doubled in a path. 2012-06-30 16:03:25 +12:00
Andrew McMillan
3239a0bdd8 Fix debian bug #656392 - correct detection of suhosin.server_strip status. 2012-06-26 18:44:54 +12:00
Andrew McMillan
2538835a12 Seems that change to output buffer flushing is problematic with zlib. 2012-06-14 13:36:15 +12:00
Andrew McMillan
46addb00fd Fix some final niggles with setup.php and spurious logged errors. 2012-05-30 23:04:10 +12:00
Andrew McMillan
cf934f8a90 Release 1.1.0 2012-05-28 21:27:15 +12:00
Andrew McMillan
98fe8a9e19 Don't disable upload field. Use library to create 'append mode' field. 2012-05-15 00:21:35 +12:00
Andrew McMillan
724a549502 Fix thinko. 2012-05-14 22:26:17 +12:00
Andrew McMillan
47363b4f41 We should error 500 when we have an exception that isn't caught. 2012-05-14 20:54:43 +12:00
Andrew McMillan
f05063fedf When logging failed anonymous access, don't crash and burn. 2012-05-05 17:02:22 +12:00
Andrew McMillan
7f60277b83 Always default the timezone to something, even if the user did not. 2012-05-03 15:42:28 +12:00
Andrew McMillan
9ee6f37d77 Make it possible to see output from /setup.php when DB is unavailable. 
Also depends on some changes to AwlDbDialect/AwlQuery.
 2012-04-22 10:01:40 +12:00
Andrew McMillan
3afa91be85 Don't try and initialize gettext unless it's installed. 2012-04-18 16:46:32 +12:00
Andrew McMillan
f68823a5b2 Get rid of potential warning on early use of date() 2012-03-22 15:00:29 +13:00
Andrew McMillan
f55f8fbee3 Allow complete disabling of handling for Apple's old calendar-proxy. 
We'll make this a default behaviour after 2012 is over and remove it
sometime after that.
 2012-03-22 13:52:20 +13:00
Andrew McMillan
655f34aa27 Correct HTTP date formatting function. 2012-03-16 16:44:59 +13:00
Andrew McMillan
092cef63ca A more robust way of checking empty. 2012-03-12 14:55:52 +13:00
Rob Ostensen
14c695c45a Fix typo in last commit 2012-03-12 14:54:38 +13:00
Rob Ostensen
6ee0df101e Skip empty domains in iSchedule setup page 2012-03-12 14:54:31 +13:00
Andrew McMillan
8d4dfb5d91 Handle HTTP date formatting for non-english locales (force English names). 2012-03-12 13:02:11 +13:00
Andrew McMillan
a6d6dfc8b8 Silence the warning if this is not initialised. 2012-03-12 13:00:41 +13:00
Andrew McMillan
70bca47b3d iSchedule administration helper. 
Signed-off-by: Andrew McMillan <andrew@morphoss.com>
 2012-03-11 12:14:55 +13:00
Andrew McMillan
927a98482f Release 1.0.2 2012-01-14 10:46:56 +13:00
Rob Ostensen
ebfeeb220e add checks to prevent external binds from being created or updated if curl is missing, add check to setup page 2012-01-07 14:38:58 +13:00
Andrew McMillan
067cbdc841 Release 1.0.1 2012-01-05 12:30:52 +13:00
Andrew McMillan
5df8e7c0b5 Fix missing braces around admin restriction. 2012-01-05 11:26:58 +13:00
Andrew McMillan
70f6587a18 Release 1.0.0 2012-01-04 16:48:45 +13:00
Andrew McMillan
b50b2d82ea Force output buffers to be flushed, if they're turned on. 
If output buffering is turned on, PHP can be a bit slack about sending
the data to the client before closing the connection with exit(). These
changes ensure we call ob_flush() before we leave.  We call @ob_flush()
so we don't get noisy warnings when output buffering is off...
 2011-11-02 18:43:10 +13:00
Andrew McMillan
062e01aede We don't need to test for the PostgreSQL non-PDO drivers now. 2011-10-28 14:02:20 +13:00
Andrew McMillan
be5374a7e9 Add test for PHP filter module and wiki links for each test. 2011-10-27 19:05:26 +13:00
Andrew McMillan
bb8bf75e8f Release 0.9.9.7 2011-10-24 20:27:43 +13:00
Andrew McMillan
d8f920fb13 Is this possibly the last RSCDS -> DAViCal name change commi? 2011-10-19 07:39:39 +13:00
Andrew McMillan
4d1f936a8b Fix tools.php to allow importing of a directory of calendars again. 2011-10-14 11:08:17 +13:00
Andrew McMillan
44ba4443f6 Move well-known.php into the include directory. 
Also start to add some basic support for autodiscover.xml handling.
 2011-10-07 09:58:20 +02:00
Andrew McMillan
0db1fed1de Fix handling where supplied content-type header is busted. 2011-10-06 11:05:15 +02:00
Andrew McMillan
fde9af2a07 The changedsince or changesince parameter has an uncertain name. 2011-10-05 11:42:40 +02:00
Andrew McMillan
46f0bd289a Errors in timezone protocol should be in timezone xmlns 2011-10-05 09:41:33 +02:00
Andrew McMillan
6500f73133 Add protocol://hostname onto location header per spec. 2011-10-05 09:40:24 +02:00
Andrew McMillan
72c25cf799 Pass through any GET parameters on the .well-known/timezone URL. 2011-10-05 08:53:32 +02:00
Andrew McMillan
f01e6f5eb5 If we didn't actually GET an action, don't have an ugly PHP error. 2011-10-05 08:41:27 +02:00