nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-01-27 00:33:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,665 Commits 11 Branches 58 Tags 14 MiB
Commit Graph

3665 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jim Fenton
a3acb770ac release 1.1.9.1: fix XSS function lost in rebuild of always.php r1.1.9.1 2019-12-03 16:35:08 -08:00
Jim Fenton
e2070c9b7a release 1.1.9 r1.1.9 2019-12-03 15:10:05 -08:00
Jim Fenton
072207e1c8 Merge branch '194-confidential-issue' 2019-12-03 14:39:40 -08:00
nielsvangijzen
1a917b30eb Addressed comments made by @puck42 2019-11-29 09:58:46 +01:00
Andrew Ruthven
d3a8771d01 Merge branch 'cprn/davical-master' 2019-11-26 23:00:09 +13:00
Andrew Ruthven
65ce5d443e Fix syntax 2019-11-26 22:51:37 +13:00
Andrew Ruthven
8e7866c550 Use a placeholder for another instance of collection_id 2019-11-26 22:24:49 +13:00
nielsvangijzen
86a8ec5302 Added CSRF to the application (took in account backwards compatibility) 
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
 2019-10-28 11:55:11 +01:00
Milan Crha
710bc6cccd Add missing 'break;' into RRule.php 2019-06-19 09:20:56 +00:00
Cyprian Guerra
2ba1d64b0c fixing Invalid parameter number: :collection_id 2019-03-28 10:52:32 +01:00
Florian Schlichting
75d4db9afb two more PHP5 curl 2019-03-11 22:46:37 +01:00
Andrew Ruthven
afe69f22d3 We need PHP curl, not specifically PHP5 curl 2019-03-07 16:15:34 +13:00
Jamie McClymont
535ae22ea1 Update minimum PHP version requirement (fairly conservatively) 
For context, debian jessie has 5.6, ubuntu trusty (out of support) has 5.5.

I believe I have used 5.4 array syntax in some DAViCal code, and made a change to AWL which requires 5.2.
 2019-03-06 04:58:17 +00:00
Jamie McClymont
9522fd5f3c Make range-based calendar queries use the new first_instance_start/last_instance_end columns 2019-02-28 16:00:19 +13:00
Jamie McClymont
b07019ed96 Make calquery expansion aware of the calendar default timezone 
This fixes cases where we emit floating times
 2019-02-28 16:00:19 +13:00
Florian Schlichting
97a2686459 fix more PHP7+ type hints for PHP5 compatibility (fixes #197) 2019-02-13 08:49:19 +01:00
Florian Schlichting
4af9595f4d release 1.1.8 r1.1.8 2019-01-30 22:53:08 +01:00
Florian Schlichting
9bc94556b4 add users to new groups in the "update groups" step 
do not maintain the same code twice
 2019-01-30 22:28:58 +01:00
Florian Schlichting
8d622df3e5 honour do_not_sync_group_from_ldap when creating groups, correctly display all results 
same for groups
 2019-01-30 22:18:43 +01:00
Florian Schlichting
eb0e9a8aec honour do_not_sync_from_ldap when creating users, correctly display all results 
despite its name, $c->do_not_sync_from_ldap did not stop accounts in
LDAP from being created in Davical, it only stopped accounts not in LDAP
from being deactived in Davical (like a local admin account)
 2019-01-30 21:57:24 +01:00
Florian Schlichting
afcaacaf2a do_not_sync_from_ldap for groups (fixes #158) 2019-01-30 21:42:01 +01:00
Florian Schlichting
de1e994cab make the Admin role inheritable (fix #140) 2019-01-30 21:12:06 +01:00
Florian Schlichting
6627018f77 turn PHP7+ type hint into phpdoc (fixes #185) 2019-01-30 18:20:04 +01:00
Andrew Ruthven
ace5cfe855 Sure bet to ensure we use a higher version number than Debian 2019-01-30 23:00:22 +13:00
Andrew Ruthven
f658a45d38 Provide example of how to enable audit logging 2019-01-30 22:59:05 +13:00
Andrew Ruthven
dccd7997f7 Merge branch 'master' into hungerburg/davical-master 2019-01-30 22:25:46 +13:00
Andrew Ruthven
ebd169e555 Merge branch 'JJJollyjim/davical-freebusy-modified-instances' 2019-01-30 22:19:25 +13:00
Andrew Ruthven
8966a044a2 Merge branch 'JJJollyjim/davical-rrule-expansion-limit' 2019-01-29 23:06:03 +13:00
Jamie McClymont
cf2f019419 Increase, and make configurable, the limit for rrule expansion 2019-01-28 04:51:37 +00:00
Jamie McClymont
aea6be279b RRule Expansion: Do not emit recurrences for instances with RRULEs 
This matches the behaviour of Evolution and Thunderbird
 2019-01-28 17:17:28 +13:00
Jamie McClymont
ffa06343a3 Fix bugs in expansion of events with overridden instances 2019-01-28 15:29:55 +13:00
Jamie McClymont
6a3619aaad Swallow errors when updating instance ranges on TZ changes 2019-01-10 16:51:40 +13:00
Jamie McClymont
fe443bf2e6 Update instance range columns when a collection's timezone changes 
TODO: Handle the case where it is updated through the web UI
 2019-01-08 14:09:16 +13:00
Andrew Ruthven
7b55b7b1f2 meh, I give up on php for now 2019-01-05 00:31:37 +13:00
Andrew Ruthven
93f290e44d The pipeline showed 7.3 as being available, ah well. 2019-01-05 00:29:16 +13:00
Andrew Ruthven
f813fa3b0e Specific PHP version... 2019-01-05 00:27:40 +13:00
Andrew Ruthven
4c930a41d2 Package build wants dot for graphs, and to run php 2019-01-05 00:26:22 +13:00
Andrew Ruthven
65a6a51d7b Need to use sprintf! 2019-01-05 00:12:34 +13:00
Andrew Ruthven
6bcece8632 Make the default settings stand out more 2019-01-04 22:54:37 +13:00
Andrew Ruthven
bcdf59ae2e Merge branch 'JJJollyjim/davical-refactor-freebusy' 2019-01-04 22:37:25 +13:00
Jamie McClymont
c4321dac9f Fix excessive SQL queries in calendar-sync REPORT 
The calendar-sync REPORT fetches the collection as a DAVResource, then
instantiates a DAVResource for each event in the collection.

Unfortunately, ByRow in DAVResource fetches the resource's collection from the
database!

This commit populates each DAVResource's collection field with the
already-fetched collection when performing calendar-sync queries.
 2019-01-04 14:13:41 +13:00
Jamie McClymont
e449529f34 Fix tests after freebusy query changes 
The todo item added in 0514-iCal-PUT-VTODO.test was apparently not picked up by
the PL/pgSQL functions, which as far as I can tell is an error, since the event
is in the 2006-2007 range covered by the query. The new
first_instance_start/last_instance_end method for determining freebusy
information now allows the todo to appear in freebusy.
 2019-01-03 17:48:43 +13:00
Jamie McClymont
4f06aeec10 Use first_instance_start / last_instance_end to filter freebusy queries 2019-01-03 17:48:43 +13:00
Jamie McClymont
a2b393317d Populate first_instance_start and last_instance_end on resource write 2019-01-03 17:48:42 +13:00
Jamie McClymont
cf7de16e59 Handle default timezones in getVCalendarRange 
Also includes some PHPUnit-based tests for this function!
 2019-01-03 17:48:42 +13:00
Jamie McClymont
0c006b5c7c Make the recurrence range columns in the database tz-aware 2019-01-03 16:04:28 +13:00
Jamie McClymont
5fc3875345 Pull the freebusy floating-time handling into a function 2019-01-03 16:04:28 +13:00
Jamie McClymont
28c78023b5 Keep Apache logs as CI artifacts for debugging failures 2019-01-03 16:04:28 +13:00
Florian Schlichting
7330eaf995 checkpoint scheduling test results and add them to CI runner (fixes: #170) 
I think these remaining changes are due to AWLs vCalendar->GetItip()
creating a "minimal iTIP version" of events, and Jan Mate's "various
scheduling related fixes" in 31af435c and 92f48f38
 2018-12-31 03:34:37 +01:00
Florian Schlichting
df13612a68 mask unstable DTSTAMP in scheduling tests 
It is reset to the current date in AWL's vCalendar->GetItip()
 2018-12-31 03:23:08 +01:00