1924 Commits

Author SHA1 Message Date
Florian Schlichting
2ab18d802e turn cherry-picked commits into a quilt patch and prepare security upload 2019-12-13 07:34:35 +08:00
nielsvangijzen
fb7ecc5282 Fix CSRF not being checked in collection-edit.php 2019-12-12 00:54:45 +08:00
nielsvangijzen
08404a55c0 Addressed comments made by @puck42 2019-12-12 00:54:06 +08:00
nielsvangijzen
c7eca6dd4a Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-12-12 00:53:56 +08:00
Florian Schlichting
9bc94556b4 add users to new groups in the "update groups" step
do not maintain the same code twice
2019-01-30 22:28:58 +01:00
Florian Schlichting
8d622df3e5 honour do_not_sync_group_from_ldap when creating groups, correctly display all results
same for groups
2019-01-30 22:18:43 +01:00
Florian Schlichting
eb0e9a8aec honour do_not_sync_from_ldap when creating users, correctly display all results
despite its name, $c->do_not_sync_from_ldap did not stop accounts in
LDAP from being created in Davical, it only stopped accounts not in LDAP
from being deactivated in Davical (like a local admin account)
2019-01-30 21:57:24 +01:00
Florian Schlichting
afcaacaf2a do_not_sync_from_ldap for groups (fixes #158) 2019-01-30 21:42:01 +01:00
Florian Schlichting
de1e994cab make the Admin role inheritable (fix #140) 2019-01-30 21:12:06 +01:00
Florian Schlichting
6627018f77 turn PHP7+ type hint into phpdoc (fixes #185) 2019-01-30 18:20:04 +01:00
Andrew Ruthven
dccd7997f7 Merge branch 'master' into hungerburg/davical-master 2019-01-30 22:25:46 +13:00
Andrew Ruthven
ebd169e555 Merge branch 'JJJollyjim/davical-freebusy-modified-instances' 2019-01-30 22:19:25 +13:00
Andrew Ruthven
8966a044a2 Merge branch 'JJJollyjim/davical-rrule-expansion-limit' 2019-01-29 23:06:03 +13:00
Jamie McClymont
cf2f019419 Increase, and make configurable, the limit for rrule expansion 2019-01-28 04:51:37 +00:00
Jamie McClymont
aea6be279b RRule Expansion: Do not emit recurrences for instances with RRULEs
This matches the behaviour of Evolution and Thunderbird
2019-01-28 17:17:28 +13:00
Jamie McClymont
ffa06343a3 Fix bugs in expansion of events with overridden instances 2019-01-28 15:29:55 +13:00
Jamie McClymont
6a3619aaad Swallow errors when updating instance ranges on TZ changes 2019-01-10 16:51:40 +13:00
Jamie McClymont
fe443bf2e6 Update instance range columns when a collection's timezone changes
TODO: Handle the case where it is updated through the web UI
2019-01-08 14:09:16 +13:00
Andrew Ruthven
bcdf59ae2e Merge branch 'JJJollyjim/davical-refactor-freebusy' 2019-01-04 22:37:25 +13:00
Jamie McClymont
c4321dac9f Fix excessive SQL queries in calendar-sync REPORT
The calendar-sync REPORT fetches the collection as a DAVResource, then
instantiates a DAVResource for each event in the collection.

Unfortunately, ByRow in DAVResource fetches the resource's collection from the
database!

This commit populates each DAVResource's collection field with the
already-fetched collection when performing calendar-sync queries.
2019-01-04 14:13:41 +13:00
Jamie McClymont
4f06aeec10 Use first_instance_start / last_instance_end to filter freebusy queries 2019-01-03 17:48:43 +13:00
Jamie McClymont
a2b393317d Populate first_instance_start and last_instance_end on resource write 2019-01-03 17:48:42 +13:00
Jamie McClymont
cf7de16e59 Handle default timezones in getVCalendarRange
Also includes some PHPUnit-based tests for this function!
2019-01-03 17:48:42 +13:00
Jamie McClymont
5fc3875345 Pull the freebusy floating-time handling into a function 2019-01-03 16:04:28 +13:00
Florian Schlichting
19eb79ebf9 provide defaults for unused function parameters (fixes #155)
PHP 7.1 throws an exception when a user-defined function is called with
too few arguments: http://php.net/manual/en/migration71.incompatible.php

As explained in the comments, collection_privilege_format_function and
principal_privilege_format_function take three arguments because of
their use as a rendering callback, however the latter two of them are
never used and thus can be omitted in other uses.
2018-12-29 19:38:13 +01:00
Florian Schlichting
44bb5cf7b6 fix to more uses of continue inside switch discovered by CI
I wonder why I saw the first few, but not these?
2018-12-22 19:56:25 +01:00
Florian Schlichting
a51caa38f1 properly check if $row has been unset (fixes #141)
Also fix deprecation warnings introduced with PHP 7.3 about the use of
continue inside switch statements, see
https://wiki.php.net/rfc/continue_on_switch_deprecation
2018-12-22 19:13:13 +01:00
Andrew Ruthven
55586c784e Remove use of $old_attendees
Closes #141
2018-12-22 19:12:50 +01:00
Florian Schlichting
c3654a9d48 call fetch_external with external_ua_string (fixes #164) 2018-12-22 00:02:09 +01:00
Florian Schlichting
c21313d05e Merge branch 'fix_max_carddav_resource_size' into 'master'
Introduce new global variable to control maximum size of carddav resources.

See merge request davical-project/davical!53
2018-12-21 22:43:53 +00:00
Jamie McClymont
0e0a07eb30 Fix returning dead properties in an allprop PROPFIND
dead_properties is an assoc.array from name to value, but it was being merged
with simple arrays of property names.

This means that tests 0824 and 0828 now actually return the dead properties, so
I've updated those result files.

Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
2018-11-30 15:59:04 +13:00
Andrew Ruthven
bdc480b785 Merge branch 'freebusy-no-ci' into 'master'
Correctly place floating events in freebusy

Closes #169 and #146

See merge request davical-project/davical!57
2018-11-13 22:19:49 +00:00
Andrew Ruthven
48efbb272b Fix Fatal PHP Error if Depth is more than 1.
Merge request was proposed by xhess on GitLab, but the commit
had no content. I've solved it, possibly the same way.

For the initial commit:
Executing the second example at https://wiki.davical.org/index.php?title=PROPFIND
The "Depth: 2" header is the problem. Setting the depth header larger than 1
causes the function "compare_val_with_re" to be defined again. Now checking if
the function has already been defined fixes the problem.
2018-11-12 19:32:34 +13:00
Jamie McClymont
ec67b28bf0 Guess the timezone of non-all-day floating events in freebusy
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
2018-11-09 15:41:02 +13:00
Jamie McClymont
91aaf48648 Guess the timezone of VALUE=DATE events in freebusy
Resolves #146
2018-10-31 12:09:45 +13:00
Andrew Ruthven
2873c89149 Fix a typo of this.
Closes #145
2018-10-02 19:53:44 +13:00
Paul
c5891abc7f Introduce new global variable to control maximum size of carddav resources. 2018-08-30 17:23:12 +02:00
Paul Kallnbach
9a430130d8 increase maximum resource size to infinity. this might be potentially dangerous but it is what's claimed in inc/caldav-MKCOL.php:
case 'urn:ietf:params:xml:ns:caldav:max-resource-size':  /** Ignored, since we will support arbitrary size */
this solves issue #80 (large contact photos not being accepted by the server). we might wanna think about a larger limit instead, e.g. increase the limit from 65kB to 6.5MB
2018-05-22 15:17:28 +00:00
Florian Schlichting
04bf91cf5c Merge branch 'php4-constructor-removal' into 'master'
replace php4 style constructors with __construct

See merge request davical-project/davical!50
2018-04-25 16:08:05 +00:00
wmbr
fc37b68461 Fix a typo in DAV_AllProperties which caused dead properties to be omitted 2018-04-25 00:50:53 +00:00
Till Schäfer
26bab04599 replace php4 style constructors with __construct 2018-03-21 16:59:35 +01:00
Florian Schlichting
d459b489ac external fetch: improve error reporting 2018-01-13 23:46:46 +01:00
Florian Schlichting
81874649f7 external fetch: handle initial NULL of collection.modified 2018-01-13 23:22:12 +01:00
Florian Schlichting
05397d635c release 1.1.6 2018-01-12 00:15:36 +01:00
Frank Steinberg
9363a3d19a Improved handling of event modifications:
- only some event attributes modified by the organizer get also modified in attendees' instances of the event,
- revoked invitations mark the according attendee's event appropriately,
- a changed event time resets all attendees' PARTSTAT to NEEDS-ACTION.
2018-01-11 23:08:17 +01:00
Nomad Arton
c04f818c4c Make log_caldav_action log calendar_item summary 2018-01-11 14:09:35 +00:00
Nomad Arton
bc7fd66b5f Make log_caldav_action log to syslog
Additionally, not only log intended actions,
but also log completed actions
2018-01-11 14:02:30 +00:00
Nomad Arton
0164cd38ab Move log_caldav_action() so that it is called before the DELETE 2018-01-11 13:57:03 +00:00
Andrew McMillan
5edf66321d Fix common etag match code, use it everywhere. 2018-01-10 21:50:55 +00:00
Andrew McMillan
0966e5ce68 Tidy up some PHPdoc in DAVResource 2018-01-10 21:50:39 +00:00