nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-03-14 08:10:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,690 Commits 11 Branches 58 Tags 14 MiB
Commit Graph

3690 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Ruthven
bd075897bb Merge branch 'awl-fix_abookquery_paramtextmatch' 2021-02-01 23:28:36 +13:00
Andrew Ruthven
f250d2deb5 Test case for negated values in awl-fix_abookquery_paramtextmatch 2021-02-01 23:27:42 +13:00
Andrew Ruthven
405af5e8d8 Merge branch 'awl-fix_abookquery_negated_propnotdef' 2021-01-31 21:34:24 +13:00
Andrew Ruthven
351b853948 Merge branch 'piotrfilip/davical-freebusy_count_fix' 2021-01-25 00:08:34 +13:00
Piotr Filip
e98bf7b682 fix: events with recurrence rule are sometimes counted one too many times in freebusy 2021-01-25 00:08:13 +13:00
Piotr Filip
bc1bbd3da0 test: remove dependency on the current date 2021-01-25 00:08:13 +13:00
Andrew Ruthven
33509866fb Update test results with new timezone data 2021-01-25 00:02:42 +13:00
Andrew Ruthven
99d9264320 Ignore zones.h and zones.tab 2021-01-24 23:47:11 +13:00
Andrew Ruthven
1c25d643e4 To start with there are no timezones in a fresh database 2021-01-24 23:44:40 +13:00
Andrew Ruthven
3817f2f61a Make the runs deterministic 2021-01-24 23:43:43 +13:00
Andrew Ruthven
b15e320fb7 Fix up update-tzdata.sh so it'll run 
On my Debian Sid system, the readlink commands return the empty string.
Given we use these as output files and the files to fetch, I figure
that using hardcoded names is better.
 2021-01-24 23:23:58 +13:00
Andrew Ruthven
696426bc81 Test case for awl-fix_abookquery_negated_propnotdef 2021-01-24 21:05:18 +13:00
Andrew Ruthven
9252a329d2 Test case for awl-fix_abookquery_paramtextmatch 2021-01-24 19:30:45 +13:00
Andrew Ruthven
e6a5fe8cb9 Test case for awl-fix_abookquery_paramtextmatch 2021-01-24 19:28:22 +13:00
Andrew Ruthven
65c0882672 Add help option for regression tests 2021-01-24 18:56:43 +13:00
Andrew Ruthven
b684e2468e Update some more results based on current regression tests 2021-01-24 00:27:04 +13:00
Andrew Ruthven
d06c74b297 Add test secondary (or more) properties 
This tests commit 1ef4c75 in AWL.
 2021-01-24 00:02:31 +13:00
Adrian Bunk
2a9ce31d1e Bug#962653: davical: diff for NMU version 1.1.9.3-1.1 debian/1.1.9.3-1.1 2020-07-06 14:37:43 +08:00
Florian Schlichting
3e8e7f21ab gitlab-ci: use latest Debian stable (fixes #221) 2020-04-14 17:56:34 +02:00
Florian Schlichting
55d485045f release 1.1.9.3 r1.1.9.3 2020-04-13 22:43:07 +02:00
Florian Schlichting
e64fd2b868 LSID logins were removed from AWL, drop related bits in davical 2020-04-04 17:44:12 +02:00
Florian Schlichting
699d077834 release 1.1.9.2: also check CSRF token in collection-edit.php r1.1.9.2 2019-12-12 00:25:20 +08:00
Florian Schlichting
007bf95589 use foreach() instead of deprecated each() (fixes #190) 2019-12-06 18:21:08 +08:00
Florian Schlichting
e2c6b927c8 HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings 2019-12-06 18:17:18 +08:00
nielsvangijzen
c8a0ca4531 Fix CSRF not being checked in collection-edit.php 2019-12-06 09:30:16 +01:00
Jim Fenton
a3acb770ac release 1.1.9.1: fix XSS function lost in rebuild of always.php r1.1.9.1 2019-12-03 16:35:08 -08:00
Jim Fenton
e2070c9b7a release 1.1.9 r1.1.9 2019-12-03 15:10:05 -08:00
Jim Fenton
072207e1c8 Merge branch '194-confidential-issue' 2019-12-03 14:39:40 -08:00
nielsvangijzen
1a917b30eb Addressed comments made by @puck42 2019-11-29 09:58:46 +01:00
Andrew Ruthven
d3a8771d01 Merge branch 'cprn/davical-master' 2019-11-26 23:00:09 +13:00
Andrew Ruthven
65ce5d443e Fix syntax 2019-11-26 22:51:37 +13:00
Andrew Ruthven
8e7866c550 Use a placeholder for another instance of collection_id 2019-11-26 22:24:49 +13:00
nielsvangijzen
86a8ec5302 Added CSRF to the application (took in account backwards compatibility) 
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
 2019-10-28 11:55:11 +01:00
Milan Crha
710bc6cccd Add missing 'break;' into RRule.php 2019-06-19 09:20:56 +00:00
Cyprian Guerra
2ba1d64b0c fixing Invalid parameter number: :collection_id 2019-03-28 10:52:32 +01:00
Florian Schlichting
75d4db9afb two more PHP5 curl 2019-03-11 22:46:37 +01:00
Andrew Ruthven
afe69f22d3 We need PHP curl, not specifically PHP5 curl 2019-03-07 16:15:34 +13:00
Jamie McClymont
535ae22ea1 Update minimum PHP version requirement (fairly conservatively) 
For context, debian jessie has 5.6, ubuntu trusty (out of support) has 5.5.

I believe I have used 5.4 array syntax in some DAViCal code, and made a change to AWL which requires 5.2.
 2019-03-06 04:58:17 +00:00
Jamie McClymont
9522fd5f3c Make range-based calendar queries use the new first_instance_start/last_instance_end columns 2019-02-28 16:00:19 +13:00
Jamie McClymont
b07019ed96 Make calquery expansion aware of the calendar default timezone 
This fixes cases where we emit floating times
 2019-02-28 16:00:19 +13:00
Florian Schlichting
97a2686459 fix more PHP7+ type hints for PHP5 compatibility (fixes #197) 2019-02-13 08:49:19 +01:00
Florian Schlichting
4af9595f4d release 1.1.8 r1.1.8 2019-01-30 22:53:08 +01:00
Florian Schlichting
9bc94556b4 add users to new groups in the "update groups" step 
do not maintain the same code twice
 2019-01-30 22:28:58 +01:00
Florian Schlichting
8d622df3e5 honour do_not_sync_group_from_ldap when creating groups, correctly display all results 
same for groups
 2019-01-30 22:18:43 +01:00
Florian Schlichting
eb0e9a8aec honour do_not_sync_from_ldap when creating users, correctly display all results 
despite its name, $c->do_not_sync_from_ldap did not stop accounts in
LDAP from being created in Davical, it only stopped accounts not in LDAP
from being deactived in Davical (like a local admin account)
 2019-01-30 21:57:24 +01:00
Florian Schlichting
afcaacaf2a do_not_sync_from_ldap for groups (fixes #158) 2019-01-30 21:42:01 +01:00
Florian Schlichting
de1e994cab make the Admin role inheritable (fix #140) 2019-01-30 21:12:06 +01:00
Florian Schlichting
6627018f77 turn PHP7+ type hint into phpdoc (fixes #185) 2019-01-30 18:20:04 +01:00
Andrew Ruthven
ace5cfe855 Sure bet to ensure we use a higher version number than Debian 2019-01-30 23:00:22 +13:00
Andrew Ruthven
f658a45d38 Provide example of how to enable audit logging 2019-01-30 22:59:05 +13:00