Florian Schlichting
b4f8f5a6c1
cardquery: ensure restriction to target collection remains in force even when we find that we need a post_filter step and thus throw away the SQL
...
this ensures a sane (but still wrong) result for
carddav/2051-REPORT-carddavclient-ParamNotDefinedSome
2021-02-05 02:01:09 +08:00
Florian Schlichting
75f62a81f6
fix PHP8 deprecation warnings: "Required parameter X follows optional parameter Y"
...
Deprecated: Required parameter $username follows optional parameter $attributes in inc/drivers_ldap.php on line 190
Deprecated: Required parameter $passwd follows optional parameter $attributes in inc/drivers_ldap.php on line 190
Deprecated: Required parameter $ua_string follows optional parameter $min_age in inc/external-fetch.php on line 42
As explained in https://www.php.net/manual/en/migration80.deprecated.php ,
If a parameter with a default value is followed by a required
parameter, the default value has no effect. This is deprecated as of
PHP 8.0.0 and can generally be resolved by dropping the default
value, without a change in functionality
2021-02-03 23:25:51 +08:00
Jan Hicken
f376be164e
Use brackets instead of curly braces for string offset access
...
Curly braces have been deprecated in PHP 7.4 and unsupported in PHP 8.0.
2021-02-03 14:57:57 +00:00
Piotr Filip
e98bf7b682
fix: events with recurrence rule are sometimes counted one too many times in freebusy
2021-01-25 00:08:13 +13:00
Florian Schlichting
e64fd2b868
LSID logins were removed from AWL, drop related bits in davical
2020-04-04 17:44:12 +02:00
Florian Schlichting
007bf95589
use foreach() instead of deprecated each() ( fixes #190 )
2019-12-06 18:21:08 +08:00
Florian Schlichting
e2c6b927c8
HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings
2019-12-06 18:17:18 +08:00
nielsvangijzen
c8a0ca4531
Fix CSRF not being checked in collection-edit.php
2019-12-06 09:30:16 +01:00
Jim Fenton
a3acb770ac
release 1.1.9.1: fix XSS function lost in rebuild of always.php
2019-12-03 16:35:08 -08:00
Jim Fenton
072207e1c8
Merge branch '194-confidential-issue'
2019-12-03 14:39:40 -08:00
nielsvangijzen
1a917b30eb
Addressed comments made by @puck42
2019-11-29 09:58:46 +01:00
Andrew Ruthven
d3a8771d01
Merge branch 'cprn/davical-master'
2019-11-26 23:00:09 +13:00
Andrew Ruthven
65ce5d443e
Fix syntax
2019-11-26 22:51:37 +13:00
Andrew Ruthven
8e7866c550
Use a placeholder for another instance of collection_id
2019-11-26 22:24:49 +13:00
nielsvangijzen
86a8ec5302
Added CSRF to the application (took into account backwards compatibility)
...
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-10-28 11:55:11 +01:00
Milan Crha
710bc6cccd
Add missing 'break;' into RRule.php
2019-06-19 09:20:56 +00:00
Cyprian Guerra
2ba1d64b0c
fixing Invalid parameter number: :collection_id
2019-03-28 10:52:32 +01:00
Florian Schlichting
75d4db9afb
two more PHP5 curl
2019-03-11 22:46:37 +01:00
Andrew Ruthven
afe69f22d3
We need PHP curl, not specifically PHP5 curl
2019-03-07 16:15:34 +13:00
Jamie McClymont
9522fd5f3c
Make range-based calendar queries use the new first_instance_start/last_instance_end columns
2019-02-28 16:00:19 +13:00
Jamie McClymont
b07019ed96
Make calquery expansion aware of the calendar default timezone
...
This fixes cases where we emit floating times
2019-02-28 16:00:19 +13:00
Florian Schlichting
97a2686459
fix more PHP7+ type hints for PHP5 compatibility ( fixes #197 )
2019-02-13 08:49:19 +01:00
Florian Schlichting
9bc94556b4
add users to new groups in the "update groups" step
...
do not maintain the same code twice
2019-01-30 22:28:58 +01:00
Florian Schlichting
8d622df3e5
honour do_not_sync_group_from_ldap when creating groups, correctly display all results
...
same for groups
2019-01-30 22:18:43 +01:00
Florian Schlichting
eb0e9a8aec
honour do_not_sync_from_ldap when creating users, correctly display all results
...
despite its name, $c->do_not_sync_from_ldap did not stop accounts in
LDAP from being created in Davical, it only stopped accounts not in LDAP
from being deactivated in Davical (like a local admin account)
2019-01-30 21:57:24 +01:00
Florian Schlichting
afcaacaf2a
do_not_sync_from_ldap for groups ( fixes #158 )
2019-01-30 21:42:01 +01:00
Florian Schlichting
de1e994cab
make the Admin role inheritable ( fix #140 )
2019-01-30 21:12:06 +01:00
Florian Schlichting
6627018f77
turn PHP7+ type hint into phpdoc ( fixes #185 )
2019-01-30 18:20:04 +01:00
Andrew Ruthven
dccd7997f7
Merge branch 'master' into hungerburg/davical-master
2019-01-30 22:25:46 +13:00
Andrew Ruthven
ebd169e555
Merge branch 'JJJollyjim/davical-freebusy-modified-instances'
2019-01-30 22:19:25 +13:00
Andrew Ruthven
8966a044a2
Merge branch 'JJJollyjim/davical-rrule-expansion-limit'
2019-01-29 23:06:03 +13:00
Jamie McClymont
cf2f019419
Increase, and make configurable, the limit for rrule expansion
2019-01-28 04:51:37 +00:00
Jamie McClymont
aea6be279b
RRule Expansion: Do not emit recurrences for instances with RRULEs
...
This matches the behaviour of Evolution and Thunderbird
2019-01-28 17:17:28 +13:00
Jamie McClymont
ffa06343a3
Fix bugs in expansion of events with overridden instances
2019-01-28 15:29:55 +13:00
Jamie McClymont
6a3619aaad
Swallow errors when updating instance ranges on TZ changes
2019-01-10 16:51:40 +13:00
Jamie McClymont
fe443bf2e6
Update instance range columns when a collection's timezone changes
...
TODO: Handle the case where it is updated through the web UI
2019-01-08 14:09:16 +13:00
Andrew Ruthven
bcdf59ae2e
Merge branch 'JJJollyjim/davical-refactor-freebusy'
2019-01-04 22:37:25 +13:00
Jamie McClymont
c4321dac9f
Fix excessive SQL queries in calendar-sync REPORT
...
The calendar-sync REPORT fetches the collection as a DAVResource, then
instantiates a DAVResource for each event in the collection.
Unfortunately, ByRow in DAVResource fetches the resource's collection from the
database!
This commit populates each DAVResource's collection field with the
already-fetched collection when performing calendar-sync queries.
2019-01-04 14:13:41 +13:00
Jamie McClymont
4f06aeec10
Use first_instance_start / last_instance_end to filter freebusy queries
2019-01-03 17:48:43 +13:00
Jamie McClymont
a2b393317d
Populate first_instance_start and last_instance_end on resource write
2019-01-03 17:48:42 +13:00
Jamie McClymont
cf7de16e59
Handle default timezones in getVCalendarRange
...
Also includes some PHPUnit-based tests for this function!
2019-01-03 17:48:42 +13:00
Jamie McClymont
5fc3875345
Pull the freebusy floating-time handling into a function
2019-01-03 16:04:28 +13:00
Florian Schlichting
19eb79ebf9
provide defaults for unused function parameters ( fixes #155 )
...
PHP 7.1 throws an exception when a user-defined function is called with
too few arguments: http://php.net/manual/en/migration71.incompatible.php
As explained in the comments, collection_privilege_format_function and
principal_privilege_format_function take three arguments because of
their use as a rendering callback, however the latter two of them are
never used and thus can be omitted in other uses.
2018-12-29 19:38:13 +01:00
Florian Schlichting
44bb5cf7b6
fix to more uses of continue inside switch discovered by CI
...
I wonder why I saw the first few, but not these?
2018-12-22 19:56:25 +01:00
Florian Schlichting
a51caa38f1
properly check if $row has been unset ( fixes #141 )
...
Also fix deprecation warnings introduced with PHP 7.3 about the use of
continue inside switch statements, see
https://wiki.php.net/rfc/continue_on_switch_deprecation
2018-12-22 19:13:13 +01:00
Andrew Ruthven
55586c784e
Remove use of $old_attendees
...
Closes #141
2018-12-22 19:12:50 +01:00
Florian Schlichting
c3654a9d48
call fetch_external with external_ua_string ( fixes #164 )
2018-12-22 00:02:09 +01:00
Florian Schlichting
c21313d05e
Merge branch 'fix_max_carddav_resource_size' into 'master'
...
Introduce new global variable to control maximum size of carddav resources.
See merge request davical-project/davical!53
2018-12-21 22:43:53 +00:00
Jamie McClymont
0e0a07eb30
Fix returning dead properties in an allprop PROPFIND
...
dead_properties is an assoc.array from name to value, but it was being merged
with simple arrays of property names.
This means that tests 0824 and 0828 now actually return the dead properties, so
I've updated those result files.
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
2018-11-30 15:59:04 +13:00
Andrew Ruthven
bdc480b785
Merge branch 'freebusy-no-ci' into 'master'
...
Correctly place floating events in freebusy
Closes #169 and #146
See merge request davical-project/davical!57
2018-11-13 22:19:49 +00:00