368 Commits

Author SHA1 Message Date
Florian Schlichting
2ab18d802e turn cherry-picked commits into a quilt patch and prepare security upload 2019-12-13 07:34:35 +08:00
Florian Schlichting
9d12734793 HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings 2019-12-12 00:57:51 +08:00
nielsvangijzen
c7eca6dd4a Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-12-12 00:53:56 +08:00
Florian Schlichting
4af9595f4d release 1.1.8 2019-01-30 22:53:08 +01:00
Andrew Ruthven
65a6a51d7b Need to use sprintf! 2019-01-05 00:12:34 +13:00
Andrew Ruthven
040ed9767f Merge remote-tracking branch 'origin/include-version-in-setup' 2018-12-30 21:58:18 +13:00
Andrew Ruthven
979667850b If DAViCal or AWL versions pass, show the running version.
Closes #151
2018-10-02 20:41:12 +13:00
“Paul
c5891abc7f Introduce new global variable to control maximum size of carddav resources. 2018-08-30 17:23:12 +02:00
Florian Schlichting
05397d635c release 1.1.6 2018-01-12 00:15:36 +01:00
Florian Schlichting
f37daa4ed7 clean up obsolete code: supported_methods and supported_reports was moved to DAVResource 2018-01-08 22:45:33 +01:00
Florian Schlichting
eba26021c7 update doc and fix a warning 2018-01-08 22:43:27 +01:00
Florian Schlichting
3ba605288f release 1.1.6 2017-10-25 11:48:43 +02:00
Florian Schlichting
8f16da75eb fix "PHP Warning: preg_match(): No ending delimiter '.' found"
the second argument of param_to_global, if set, becomes the first
argument of a call to preg_match(). Unless it's the special value 'int',
it needs to have regex delimiters around it, like '/.*/'

In this case, we're not interested in the value of the add-member
parameter, we only want to check for its existence, so skip validation.
2017-10-04 23:02:12 +02:00
Florian Schlichting
4410d7e94a don't put caldav.php in special URLs 2017-09-19 21:23:06 +02:00
Florian Schlichting
5f3aecfda4 Revert "Support http://.../freebusy.php?foo@example.com"
This reverts commit 38788acc5cbec147d6a46a6254ef8eec0a270c71, which
causes the following tests to fail (not return any FREEBUSY):

    tests/regression-suite/0832-freebusy.test
    tests/regression-suite/0836-freebusy.test
    tests/regression-suite/0837-freebusy.test
    tests/regression-suite/0888-GET-freebusy.test
2017-09-19 20:01:00 +02:00
Andrew Ruthven
38788acc5c Support http://.../freebusy.php?foo@example.com
Sometimes users set the Free/Busy URL to have a ?, not a /. Let's
support that.
2017-05-16 13:33:19 +12:00
Florian Schlichting
b1191bd83c caldav: leave some info about the exception we are catching 2017-04-28 17:43:13 +02:00
Florian Schlichting
bbea62d288 Merge branch 'server-array-upper' into 'master'
Convert array keys for $_SERVER to uppercase

See merge request !38
2017-04-24 21:59:08 +00:00
Jan Losinski
e97c9674e9 Convert array keys for $_SERVER to uppercase
It seems to be the case, that array indices in $_SERVER are always
uppercase. Sadly I could not find any documentation of this but at
least with mod_php it is the case. Also an extensive search on github
projects seems to support this thesis.

On my installation the 'X-FORWARDED-PROTO' is even then uppercase when
it's mixed case in the Header provided by the reverse proxy.

Signed-off-by: Jan Losinski <losinski@wh2.tu-dresden.de>
2017-04-13 03:00:36 +02:00
Florian Schlichting
06e20e5508 don't send early exceptions to the client only, leave a trace in the error log too 2017-04-08 16:43:21 +02:00
Florian Schlichting
4f72fdfea1 Bump davical version to 1.1.5, DB is at 1.3.2 2017-01-23 23:02:56 +01:00
Florian Schlichting
21b5f8bacf Update apache-davical.conf adding .well-known rewriting 2017-01-17 23:39:53 +01:00
Florian Schlichting
93bd6073b1 creating a DAVResource from "/ " loops a lot 2017-01-11 00:10:33 +01:00
Florian Schlichting
2c11535eb0 use secure URIs where possible 2017-01-08 15:48:52 +01:00
Florian Schlichting
2c0c65d08a add optional support for X-Forwarded-Proto etc (closes: #87)
Modify the relevant $_SERVER variables directly, as we're using them in
various places in davical and awl.
2017-01-06 16:06:11 +01:00
Florian Schlichting
55d15d2eed use https for retrieving current_davical_version (fixes #1) 2017-01-06 16:06:11 +01:00
Florian Schlichting
404d9ab449 fix remaining apigen errors (duplicate function names etc) 2016-12-30 08:54:24 +01:00
Florian Schlichting
eaef540766 replace RRule with RRule-v2 2016-12-30 08:54:14 +01:00
Florian Schlichting
eb7f2edc0c eliminate trailing whitespace, expand tabs 2016-12-30 08:52:44 +01:00
Christoph Anton Mitterer
70bd8cf0ce handle failing version check when allow_url_fopen is set to false (closes: #57) 2016-12-02 21:57:24 +01:00
Florian Schlichting
0901fd2756 Remove remaining references to $c->local_tzid (fixes #35) 2016-12-02 00:24:53 +01:00
Florian Schlichting
86447e31fe Set the same default timezone to Database and PHP 2016-12-01 19:17:22 +01:00
Florian Schlichting
bb8ae530f5 a helpful comment
(and a lot of whitespace cleanup)
2016-09-14 23:46:41 +02:00
Andrew McMillan
c5c0421caf Add /metrics.php to be scraped by Prometheus for monitoring. 2016-06-22 23:53:22 +01:00
Andrew McMillan
b85f8e79fe Fail better!
There's a long-standing annoyance about catching errors in the early
stages of startup - sometimes they seem to disappear nowhere and yet
nothing works.  This fixes at least part of that.
2016-06-22 23:26:24 +01:00
Florian Schlichting
0281a8d619 adapt to AWL function rename get_fields() -> awl_get_fields() 2016-06-13 22:02:47 +02:00
Florian Schlichting
fee15797f7 Check for PHP XML support in setup.php (see #91) 2016-06-01 22:40:46 +02:00
Florian Schlichting
f1595efb48 add the iSchedule administration helper to the menu to give it more visibility and testing
and only show 'List External Calendars' in one (the Admin's) menu
2016-01-08 14:54:19 +01:00
Florian Schlichting
af1707ef1d prepare for 1.1.4 2016-01-03 19:09:56 +01:00
Florian Schlichting
ffdc13183f remove database connection check before $c is available (closes #36)
My browser hides the error message behind the menu bar, that's why I'm
also adding a line break in the do_error() handler.
2016-01-01 23:54:01 +01:00
Florian Schlichting
bf733fca8e let admin.php without parameters redirect to index.php, and document restrict_setup_to_admin setting (fixes #55) 2016-01-01 21:55:32 +01:00
Florian Schlichting
bbc7ddef2f Apache 2.4 removed Order / Allow directives for new Require 2015-12-31 17:32:48 +01:00
Florian Schlichting
8e9eaa3410 fix issue #72 - 405 error when adding a new contact from Apple's Contacts
As can be seen from the reporter's debug output, the problem is that
the POST goes to .../?add-member, whereas davical expects / works with /
redirects to ?add_member (note the underscore). So we have davical treat
?add-member the same as ?add_member
2015-12-26 14:33:28 +01:00
Jim Fenton
32f4e2924f Merge branch 'itemfix' into 'master'
Fixed grouped Properties naming (e.g. Addresses: item1.ADR instead of just ADR) …

…that caused item1.ADR to be written to DB(address_address_adr) because it doesn't match ADR, fix works for every grouped Property (yet there is only ADR...)
Added VCard Property ORG as nondefault (because it takes more than one Value)
Fixed false handling of Properties that can have more than one value (e.g. ORG) where values are separated by semicolons

See merge request !19
2015-12-11 01:27:48 +00:00
Jim Fenton
b95eade0b9 Update required version of AWL to 0.56 2015-12-10 14:04:01 -08:00
Frank O. Martin
ce379d3cf7 Removed favicon.ico work around 2015-11-19 19:41:16 +01:00
Cyril Giraud
642524d391 Extract translatable strings in upgrade.php + update according to Transifex translations. 2015-03-06 23:41:08 +01:00
Cyril Giraud
4a4b8f22da Forum link update without making translators to re-translate the whole help string (preg_replace). 2014-12-29 22:40:14 +01:00
Jim Fenton
a877ef47c5 Correct links to mailing list archives and bug report location 2014-11-22 22:10:40 -08:00
Jim Fenton
2029e24f1a Merge branch issue_20_localization into master 2014-11-20 22:33:08 -08:00