3654 Commits

Author SHA1 Message Date
Florian Schlichting
2ab18d802e turn cherry-picked commits into a quilt patch and prepare security upload debian/1.1.8-1+deb10u1 2019-12-13 07:34:35 +08:00
Florian Schlichting
9d12734793 HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings 2019-12-12 00:57:51 +08:00
nielsvangijzen
fb7ecc5282 Fix CSRF not being checked in collection-edit.php 2019-12-12 00:54:45 +08:00
nielsvangijzen
08404a55c0 Addressed comments made by @puck42 2019-12-12 00:54:06 +08:00
nielsvangijzen
c7eca6dd4a Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-12-12 00:53:56 +08:00
Florian Schlichting
4af9595f4d release 1.1.8 r1.1.8 2019-01-30 22:53:08 +01:00
Florian Schlichting
9bc94556b4 add users to new groups in the "update groups" step
do not maintain the same code twice
2019-01-30 22:28:58 +01:00
Florian Schlichting
8d622df3e5 honour do_not_sync_group_from_ldap when creating groups, correctly display all results
same for groups
2019-01-30 22:18:43 +01:00
Florian Schlichting
eb0e9a8aec honour do_not_sync_from_ldap when creating users, correctly display all results
despite its name, $c->do_not_sync_from_ldap did not stop accounts in
LDAP from being created in Davical, it only stopped accounts not in LDAP
from being deactivated in Davical (like a local admin account)
2019-01-30 21:57:24 +01:00
Florian Schlichting
afcaacaf2a do_not_sync_from_ldap for groups (fixes #158) 2019-01-30 21:42:01 +01:00
Florian Schlichting
de1e994cab make the Admin role inheritable (fix #140) 2019-01-30 21:12:06 +01:00
Florian Schlichting
6627018f77 turn PHP7+ type hint into phpdoc (fixes #185) 2019-01-30 18:20:04 +01:00
Andrew Ruthven
ace5cfe855 Sure bet to ensure we use a higher version number than Debian 2019-01-30 23:00:22 +13:00
Andrew Ruthven
f658a45d38 Provide example of how to enable audit logging 2019-01-30 22:59:05 +13:00
Andrew Ruthven
dccd7997f7 Merge branch 'master' into hungerburg/davical-master 2019-01-30 22:25:46 +13:00
Andrew Ruthven
ebd169e555 Merge branch 'JJJollyjim/davical-freebusy-modified-instances' 2019-01-30 22:19:25 +13:00
Andrew Ruthven
8966a044a2 Merge branch 'JJJollyjim/davical-rrule-expansion-limit' 2019-01-29 23:06:03 +13:00
Jamie McClymont
cf2f019419 Increase, and make configurable, the limit for rrule expansion 2019-01-28 04:51:37 +00:00
Jamie McClymont
aea6be279b RRule Expansion: Do not emit recurrences for instances with RRULEs
This matches the behaviour of Evolution and Thunderbird
2019-01-28 17:17:28 +13:00
Jamie McClymont
ffa06343a3 Fix bugs in expansion of events with overridden instances 2019-01-28 15:29:55 +13:00
Jamie McClymont
6a3619aaad Swallow errors when updating instance ranges on TZ changes 2019-01-10 16:51:40 +13:00
Jamie McClymont
fe443bf2e6 Update instance range columns when a collection's timezone changes
TODO: Handle the case where it is updated through the web UI
2019-01-08 14:09:16 +13:00
Andrew Ruthven
7b55b7b1f2 meh, I give up on php for now 2019-01-05 00:31:37 +13:00
Andrew Ruthven
93f290e44d The pipeline showed 7.3 as being available, ah well. 2019-01-05 00:29:16 +13:00
Andrew Ruthven
f813fa3b0e Specific PHP version... 2019-01-05 00:27:40 +13:00
Andrew Ruthven
4c930a41d2 Package build wants dot for graphs, and to run php 2019-01-05 00:26:22 +13:00
Andrew Ruthven
65a6a51d7b Need to use sprintf! 2019-01-05 00:12:34 +13:00
Andrew Ruthven
6bcece8632 Make the default settings stand out more 2019-01-04 22:54:37 +13:00
Andrew Ruthven
bcdf59ae2e Merge branch 'JJJollyjim/davical-refactor-freebusy' 2019-01-04 22:37:25 +13:00
Jamie McClymont
c4321dac9f Fix excessive SQL queries in calendar-sync REPORT
The calendar-sync REPORT fetches the collection as a DAVResource, then
instantiates a DAVResource for each event in the collection.

Unfortunately, ByRow in DAVResource fetches the resource's collection from the
database!

This commit populates each DAVResource's collection field with the
already-fetched collection when performing calendar-sync queries.
2019-01-04 14:13:41 +13:00
Jamie McClymont
e449529f34 Fix tests after freebusy query changes
The todo item added in 0514-iCal-PUT-VTODO.test was apparently not picked up by
the PL/pgSQL functions, which as far as I can tell is an error, since the event
is in the 2006-2007 range covered by the query. The new
first_instance_start/last_instance_end method for determining freebusy
information now allows the todo to appear in freebusy.
2019-01-03 17:48:43 +13:00
Jamie McClymont
4f06aeec10 Use first_instance_start / last_instance_end to filter freebusy queries 2019-01-03 17:48:43 +13:00
Jamie McClymont
a2b393317d Populate first_instance_start and last_instance_end on resource write 2019-01-03 17:48:42 +13:00
Jamie McClymont
cf7de16e59 Handle default timezones in getVCalendarRange
Also includes some PHPUnit-based tests for this function!
2019-01-03 17:48:42 +13:00
Jamie McClymont
0c006b5c7c Make the recurrence range columns in the database tz-aware 2019-01-03 16:04:28 +13:00
Jamie McClymont
5fc3875345 Pull the freebusy floating-time handling into a function 2019-01-03 16:04:28 +13:00
Jamie McClymont
28c78023b5 Keep Apache logs as CI artifacts for debugging failures 2019-01-03 16:04:28 +13:00
Florian Schlichting
7330eaf995 checkpoint scheduling test results and add them to CI runner (fixes: #170)
I think these remaining changes are due to AWL's vCalendar->GetItip()
creating a "minimal iTIP version" of events, and Jan Mate's "various
scheduling related fixes" in 31af435c and 92f48f38
2018-12-31 03:34:37 +01:00
Florian Schlichting
df13612a68 mask unstable DTSTAMP in scheduling tests
It is reset to the current date in AWL's vCalendar->GetItip()
2018-12-31 03:23:08 +01:00
Andrew Ruthven
040ed9767f Merge remote-tracking branch 'origin/include-version-in-setup' 2018-12-30 21:58:18 +13:00
Florian Schlichting
19eb79ebf9 provide defaults for unused function parameters (fixes #155)
PHP 7.1 throws an exception when a user-defined function is called with
too few arguments: http://php.net/manual/en/migration71.incompatible.php

As explained in the comments, collection_privilege_format_function and
principal_privilege_format_function take three arguments because of
their use as a rendering callback, however the latter two of them are
never used and thus can be omitted in other uses.
2018-12-29 19:38:13 +01:00
Florian Schlichting
0023b066fd Debian: use system perl in dba/update-davical-database 2018-12-29 11:54:09 +01:00
Florian Schlichting
3115c92a74 Update debian/watch to changed Gitlab directory layout 2018-12-29 11:10:24 +01:00
Florian Schlichting
44bb5cf7b6 fix to more uses of continue inside switch discovered by CI
I wonder why I saw the first few, but not these?
2018-12-22 19:56:25 +01:00
Florian Schlichting
a51caa38f1 properly check if $row has been unset (fixes #141)
Also fix deprecation warnings introduced with PHP 7.3 about the use of
continue inside switch statements, see
https://wiki.php.net/rfc/continue_on_switch_deprecation
2018-12-22 19:13:13 +01:00
Andrew Ruthven
55586c784e Remove use of $old_attendees
Closes #141
2018-12-22 19:12:50 +01:00
Florian Schlichting
9e8c3c47c4 Test: max-resource-size is no longer infinity
c5891abc7f brought back a new, higher limit, which is configurable by
the site admin.
2018-12-22 00:18:27 +01:00
Florian Schlichting
1301b2c494 Apache 2.4.35 stops sending Content-Type headers for 204 No Content responses
Normalize results so tests work with newer and older versions

This change is similar to e565cc0a5e4af0330fe5a1ab6f2476be7fb10df4 and
following

From the Apache 2.4.35 changelog:

  *) http: Enforce consistently no response body with both 204 and 304
     statuses.  [Yann Ylavic]
2018-12-22 00:12:54 +01:00
Florian Schlichting
c3654a9d48 call fetch_external with external_ua_string (fixes #164) 2018-12-22 00:02:09 +01:00
Florian Schlichting
c21313d05e Merge branch 'fix_max_carddav_resource_size' into 'master'
Introduce new global variable to control maximum size of carddav resources.

See merge request davical-project/davical!53
2018-12-21 22:43:53 +00:00