DTSTART/DTEND can be DATE values instead of DATE-TIME. Our database uses
TIMESTAMP WITH TIME ZONE as field type, which seems to accept 19011224
but not values before 1900, such as 18961224. This patch changes values
between 1000 and 1900 to DATE-TIME by adding "T000000Z"
Patch contributed by Benedikt Spranger <b.spranger@linutronix.de>
Patch limited to dates between 1000 and 1900 by Florian Schlichting
<fsfs@debian.org>
This reverts commit 3ab7787f7b2c6bebccbacb31396f77f09aa93f09.
The correct fix for the underlying issue which this attempted
to work around was applied in the AWL/XMLElement Render method.
["correct fix" likely refers to awl commits
4b56e64bc7127a12df737f157e36fd2de19391dd,
2589e71e18e6ced753500afe0197995290fac52c,
aafbd7b1e6ffb59166d57725102f2f5a817a8590 and
46b112f85711732b62e70f2fb40b866423bbf3b5
picked from github handle-remote-attendees branch]
As can be seen from the reporter's debug output, the problem is that
the POST goes to .../?add-member, whereas davical expects / works with /
redirects to ?add_member (note the underscore). So we have davical treat
?add-member the same as ?add_member
Fixed grouped Properties naming (e.g. Addresses: item1.ADR instead of just ADR) …
…that caused item1.ADR to be written to DB(address_address_adr) because it doesn't match ADR, fix works ofr every grouped Property (yet there is only ADR...)
Added VCard Property ORG as nondefault (because it takes more then one Value)
Fixed false handling of Properties that can have more than one value (e.g. ORG) where values are seperated by semicolons
See merge request !19
Removed favicon.ico work around (fix#53, Debian bug #703294)
This relates to debian bug report #703294 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703294>; of Chris Mitterer. He makes the case to delete a block at the very beginning of the file caldav.php.
Andrew authored that code block once (6 years ago?) with the following commit message:
> Provide passthru on icons, images, css and js files.
> In Chrome it requests the favicon (for example) very frequently
> which was causing a prompt for authentication where there was a
> poorly considered regex in the rewrite rules. I think this is
> a good backup to the rewrite rules to pass through on such files.
As far as i unterstand the code it does in fact passthrough requests for favicon.ico. But these should not happen at all anyway (but seem to have happened with a specific browser and a malformed rewrite rule). And I agree with Chris: most of the code does not work as intended and is potentially introducing security holes.
So after having a closer look on this I vote to follow the recommendation of Chris to DELETE this block and close the bug.
See merge request !20
Added VCard Property ORG as nondefault (because it takes more then one Value)
Fixed false handling of Properties that can have more than one value (e.g. ORG) where values are seperated by semicolons
Fix positive PROPPATCH response message body.
The response values must be inside a DAV:response element, which was missing before.
See merge request !18
Fix add-member support for calendars
Change the add-member parameter to add_member to match the name of the global variable name. Otherwise the global variable was always unset and the generic POST handler handled the request instead of the PUT handler for vcalendars.
Make sure to return a Location header when adding a vcalendar using add-member POST.
See merge request !14
Add component parameter to content-types headers and getcontenttype properties
This allows clients using sync-collection requests to filter the results quickly by just looking at the content-type without having to parse the calendar data.
See merge request !15
Basic Auth Bugfix
Bugfix on Basic Auth username/password split.
Basic Auth uses a colon (":") to separate the username and password values. Using the php 'explode' function on this string without limiting the number of substrings returned can truncate the users password if it contains a colon.
By limiting the explode to 2, we get back the username and whatever else is left as the password (hence not truncated).
See merge request !12
Fixed broken import function (fixes#38)
Removes a doubled code block introduced in commit 8e60bb3124e2cc4ff09f388e520f3b6935ffc733 causing imports to fail after the first one.
See merge request !13
Basic Auth uses a colon (":") to separate the username and
password values. Using the php 'explode' function on this
string without limiting the number of substrings returned
can truncate the users password if it contains a colon.
By limiting the explode to 2, we get back the username and
whatever else is left as the password (hence not truncated).
