84 Commits

Author SHA1 Message Date
Andrew Ruthven
658bd4e786 Use request ID 2024-03-11 00:41:37 +13:00
eppesuig
de29c6c6ee Better check for $_SERVER['PATH_INFO'] 2023-06-21 23:21:57 +00:00
Florian Schlichting
4301a795ac release davical 1.1.12 2023-03-13 22:00:55 +01:00
Andrew Ruthven
0762022453 Depend on AWL 0.64 to get fixed memcache support 2023-01-18 00:11:57 +13:00
Andrew Ruthven
7a8c7b5b25 Convert loop_limit to a config item 2022-12-15 20:50:44 +00:00
Florian Schlichting
88670bfa39 release davical 1.1.11 2022-10-04 14:05:19 +02:00
Dirk Bauer
b3b2ccc6c0 Fixed php8 deprecation for htmlspecialchars (#fixes 266) 2022-07-12 03:25:15 +00:00
Andrew Ruthven
8096807c6d Fixes for warnings in PHP 8.1 2022-02-12 23:41:28 +13:00
Andrew Ruthven
23831686bb Don't escape HTML characters in the password.
We allow them when users set their passwords, and no doubt allowed
from LDAP and other external sources. We should allow them to be
entered. Closes #229.
2021-08-11 21:42:01 +12:00
Florian Schlichting
9da21ad116 release davical 1.1.10 2021-03-01 21:24:48 +08:00
Klaus M Pfeiffer
042ce5f076 add feature list_everyone (fixes #59) 2021-02-08 17:41:28 +00:00
Florian Schlichting
55d485045f release 1.1.9.3 2020-04-13 22:43:07 +02:00
Florian Schlichting
699d077834 release 1.1.9.2: also check CSRF token in collection-edit.php 2019-12-12 00:25:20 +08:00
Florian Schlichting
e2c6b927c8 HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings 2019-12-06 18:17:18 +08:00
Jim Fenton
a3acb770ac release 1.1.9.1: fix XSS function lost in rebuild of always.php 2019-12-03 16:35:08 -08:00
Jim Fenton
e2070c9b7a release 1.1.9 2019-12-03 15:10:05 -08:00
nielsvangijzen
86a8ec5302 Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-10-28 11:55:11 +01:00
Florian Schlichting
4af9595f4d release 1.1.8 2019-01-30 22:53:08 +01:00
“Paul
c5891abc7f Introduce new global variable to control maximum size of carddav resources. 2018-08-30 17:23:12 +02:00
Florian Schlichting
05397d635c release 1.1.6 2018-01-12 00:15:36 +01:00
Florian Schlichting
eba26021c7 update doc and fix a warning 2018-01-08 22:43:27 +01:00
Florian Schlichting
3ba605288f release 1.1.6 2017-10-25 11:48:43 +02:00
Florian Schlichting
4410d7e94a don't put caldav.php in special URLs 2017-09-19 21:23:06 +02:00
Florian Schlichting
bbea62d288 Merge branch 'server-array-upper' into 'master'
Convert array keys for $_SERVER to uppercase

See merge request !38
2017-04-24 21:59:08 +00:00
Jan Losinski
e97c9674e9 Convert array keys for $_SERVER to uppercase
It seems to be the case, that array indices in $_SERVER are always
uppercase. Sadly I could not find any documentation of this but at
least with mod_php it is the case. Also an extensive search on github
projects seems to support this thesis.

On my installation the 'X-FORWARDED-PROTO' is even then uppercase when
it's mixed case in the Header provided by the reverse proxy.

Signed-off-by: Jan Losinski <losinski@wh2.tu-dresden.de>
2017-04-13 03:00:36 +02:00
Florian Schlichting
06e20e5508 don't send early exceptions to the client only, leave a trace in the error log too 2017-04-08 16:43:21 +02:00
Florian Schlichting
4f72fdfea1 Bump davical version to 1.1.5, DB is at 1.3.2 2017-01-23 23:02:56 +01:00
Florian Schlichting
93bd6073b1 creating a DAVResource from "/ " loops a lot 2017-01-11 00:10:33 +01:00
Florian Schlichting
2c0c65d08a add optional support for X-Forwarded-Proto etc (closes: #87)
Modify the relevant $_SERVER variables directly, as we're using them in
various places in davical and awl.
2017-01-06 16:06:11 +01:00
Florian Schlichting
eb7f2edc0c eliminate trailing whitespace, expand tabs 2016-12-30 08:52:44 +01:00
Florian Schlichting
0901fd2756 Remove remaining references to $c->local_tzid (fixes #35) 2016-12-02 00:24:53 +01:00
Florian Schlichting
86447e31fe Set the same default timezone to Database and PHP 2016-12-01 19:17:22 +01:00
Andrew McMillan
b85f8e79fe Fail better!
There's a long-standing annoyance about catching errors in the early
stages of startup - sometimes they seem to disappear nowhere and yet
nothing works.  This fixes at least part of that.
2016-06-22 23:26:24 +01:00
Florian Schlichting
0281a8d619 adapt to AWL function rename get_fields() -> awl_get_fields() 2016-06-13 22:02:47 +02:00
Florian Schlichting
af1707ef1d prepare for 1.1.4 2016-01-03 19:09:56 +01:00
Jim Fenton
b95eade0b9 Update required version of AWL to 0.56 2015-12-10 14:04:01 -08:00
Florian Schlichting
cbe63d3182 release 1.1.3.1, fixing a critical typo in htdocs/always.php :-( 2014-10-07 08:48:19 +02:00
Florian Schlichting
37e814c647 release 1.1.3 2014-10-07 00:58:47 +02:00
Andrew McMillan
d0fffe490a Set the default timezone to the database as well as for PHP. 2013-09-26 14:24:08 +02:00
Andrew McMillan
cc8e6a0131 Release 1.1.2 2013-07-15 13:12:05 +12:00
Andrew McMillan
7e51fa8541 Release 1.1.1 2012-07-11 08:39:11 +12:00
Andrew McMillan
0d47b81e48 Remove bug trace. 2012-07-09 01:16:46 +12:00
Andrew McMillan
2f82e69cfb Correctly test for repeated caldav.php in URL. 2012-07-08 11:58:58 +12:00
Andrew McMillan
55aefbecce Try to trace how we get caldav.php/ doubled in a path. 2012-06-30 16:03:25 +12:00
Andrew McMillan
2538835a12 Seems that change to output buffer flushing is problematic with zlib. 2012-06-14 13:36:15 +12:00
Andrew McMillan
46addb00fd Fix some final niggles with setup.php and spurious logged errors. 2012-05-30 23:04:10 +12:00
Andrew McMillan
cf934f8a90 Release 1.1.0 2012-05-28 21:27:15 +12:00
Andrew McMillan
724a549502 Fix thinko. 2012-05-14 22:26:17 +12:00
Andrew McMillan
47363b4f41 We should error 500 when we have an exception that isn't caught. 2012-05-14 20:54:43 +12:00
Andrew McMillan
7f60277b83 Always default the timezone to something, even if the user did not. 2012-05-03 15:42:28 +12:00