387 Commits

Author SHA1 Message Date
Andrew Ruthven
216c253ad9 Set a sane timeout for fetching the current DAViCal version
Without this it takes 90 seconds to timeout.
2024-01-20 15:27:51 +13:00
Andrew Ruthven
d42c3dc186 Add PHP version check to setup.php 2024-01-20 15:27:51 +13:00
eppesuig
de29c6c6ee Better check for $_SERVER['PATH_INFO'] 2023-06-21 23:21:57 +00:00
Florian Schlichting
4301a795ac release davical 1.1.12 2023-03-13 22:00:55 +01:00
Andrew Ruthven
0762022453 Depend on AWL 0.64 to get fixed memcache support 2023-01-18 00:11:57 +13:00
Andrew Ruthven
7a8c7b5b25 Convert loop_limit to a config item 2022-12-15 20:50:44 +00:00
Piotr Filip
35641b099a refactor scripts to allow operation with Content-Security-Policy: script-src 'self' 2022-12-12 21:32:57 +00:00
Florian Schlichting
88670bfa39 release davical 1.1.11 2022-10-04 14:05:19 +02:00
Dirk Bauer
b3b2ccc6c0 Fixed php8 deprecation for htmlspecialchars (#fixes 266) 2022-07-12 03:25:15 +00:00
Andrew Ruthven
8096807c6d Fixes for warnings in PHP 8.1 2022-02-12 23:41:28 +13:00
Andrew Ruthven
9d520ab56d Don't check for magic quotes on PHP 8 or newer - functions removed.
This fix removes complaints about trying to call non-existent functions
as they have been removed from PHP 8. This closes #234.
2021-09-18 21:50:07 +12:00
Andrew Ruthven
23831686bb Don't escape HTML characters in the password.
We allow them when users set their passwords, and no doubt allowed
from LDAP and other external sources. We should allow them to be
entered. Closes #229.
2021-08-11 21:42:01 +12:00
Florian Schlichting
9da21ad116 release davical 1.1.10 2021-03-01 21:24:48 +08:00
Andrew Ruthven
bda3db6da8 Return a nicer error message if no user is found for Free/Busy via email
Previously a stack trace would be returned as the call to dav_name failed,
for example:

Exception [0] Can't calculate dav_name for unknown username
At line 382 of /usr/share/davical/inc/Principal.php
================= Stack Trace ===================
/usr/share/davical/htdocs/freebusy.php[49] Principal->dav_name()
2021-03-02 00:26:49 +13:00
Klaus M Pfeiffer
042ce5f076 add feature list_everyone (fixes #59) 2021-02-08 17:41:28 +00:00
Jan Hicken
6cdbfcf226 Add default value for errcontext variable in error handler function
This variable is no longer passed in PHP 8.0.

It cannot be removed however, because it would not be backwards
compatible.
2021-02-03 14:57:57 +00:00
Florian Schlichting
55d485045f release 1.1.9.3 2020-04-13 22:43:07 +02:00
Florian Schlichting
699d077834 release 1.1.9.2: also check CSRF token in collection-edit.php 2019-12-12 00:25:20 +08:00
Florian Schlichting
e2c6b927c8 HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings 2019-12-06 18:17:18 +08:00
Jim Fenton
a3acb770ac release 1.1.9.1: fix XSS function lost in rebuild of always.php 2019-12-03 16:35:08 -08:00
Jim Fenton
e2070c9b7a release 1.1.9 2019-12-03 15:10:05 -08:00
nielsvangijzen
86a8ec5302 Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-10-28 11:55:11 +01:00
Florian Schlichting
4af9595f4d release 1.1.8 2019-01-30 22:53:08 +01:00
Andrew Ruthven
65a6a51d7b Need to use sprintf! 2019-01-05 00:12:34 +13:00
Andrew Ruthven
040ed9767f Merge remote-tracking branch 'origin/include-version-in-setup' 2018-12-30 21:58:18 +13:00
Andrew Ruthven
979667850b If DAViCal or AWL versions pass, show the running version.
Closes #151
2018-10-02 20:41:12 +13:00
“Paul
c5891abc7f Introduce new global variable to control maximum size of carddav resources. 2018-08-30 17:23:12 +02:00
Florian Schlichting
05397d635c release 1.1.6 2018-01-12 00:15:36 +01:00
Florian Schlichting
f37daa4ed7 clean up obsolete code: supported_methods and supported_reports was moved to DAVResource 2018-01-08 22:45:33 +01:00
Florian Schlichting
eba26021c7 update doc and fix a warning 2018-01-08 22:43:27 +01:00
Florian Schlichting
3ba605288f release 1.1.6 2017-10-25 11:48:43 +02:00
Florian Schlichting
8f16da75eb fix "PHP Warning: preg_match(): No ending delimiter '.' found"
the second argument of param_to_global, if set, becomes the first
argument of a call to preg_match(). Unless it's the special value 'int',
it needs to have regex delimiters around it, like '/.*/'

In this case, we're not interested in the value of the add-member
parameter, we only want to check for its existence, so skip validation.
2017-10-04 23:02:12 +02:00
Florian Schlichting
4410d7e94a don't put caldav.php in special URLs 2017-09-19 21:23:06 +02:00
Florian Schlichting
5f3aecfda4 Revert "Support http://.../freebusy.php?foo@example.com"
This reverts commit 38788acc5cbec147d6a46a6254ef8eec0a270c71, which
causes the following tests to fail (not return any FREEBUSY):

    tests/regression-suite/0832-freebusy.test
    tests/regression-suite/0836-freebusy.test
    tests/regression-suite/0837-freebusy.test
    tests/regression-suite/0888-GET-freebusy.test
2017-09-19 20:01:00 +02:00
Andrew Ruthven
38788acc5c Support http://.../freebusy.php?foo@example.com
Sometimes users set the Free/Busy URL to have a ?, not a /. Let's
support that.
2017-05-16 13:33:19 +12:00
Florian Schlichting
b1191bd83c caldav: leave some info about the exception we are catching 2017-04-28 17:43:13 +02:00
Florian Schlichting
bbea62d288 Merge branch 'server-array-upper' into 'master'
Convert array keys for $_SERVER to uppercase

See merge request !38
2017-04-24 21:59:08 +00:00
Jan Losinski
e97c9674e9 Convert array keys for $_SERVER to uppercase
It seems to be the case that array indices in $_SERVER are always
uppercase. Sadly I could not find any documentation of this but at
least with mod_php it is the case. Also an extensive search on github
projects seems to support this thesis.

On my installation the 'X-FORWARDED-PROTO' is even then uppercase when
it's mixed case in the Header provided by the reverse proxy.

Signed-off-by: Jan Losinski <losinski@wh2.tu-dresden.de>
2017-04-13 03:00:36 +02:00
Florian Schlichting
06e20e5508 don't send early exceptions to the client only, leave a trace in the error log too 2017-04-08 16:43:21 +02:00
Florian Schlichting
4f72fdfea1 Bump davical version to 1.1.5, DB is at 1.3.2 2017-01-23 23:02:56 +01:00
Florian Schlichting
21b5f8bacf Update apache-davical.conf adding .well-known rewriting 2017-01-17 23:39:53 +01:00
Florian Schlichting
93bd6073b1 creating a DAVResource from "/ " loops a lot 2017-01-11 00:10:33 +01:00
Florian Schlichting
2c11535eb0 use secure URIs where possible 2017-01-08 15:48:52 +01:00
Florian Schlichting
2c0c65d08a add optional support for X-Forwarded-Proto etc (closes: #87)
Modify the relevant $_SERVER variables directly, as we're using them in
various places in davical and awl.
2017-01-06 16:06:11 +01:00
Florian Schlichting
55d15d2eed use https for retrieving current_davical_version (fixes #1) 2017-01-06 16:06:11 +01:00
Florian Schlichting
404d9ab449 fix remaining apigen errors (duplicate function names etc) 2016-12-30 08:54:24 +01:00
Florian Schlichting
eaef540766 replace RRule with RRule-v2 2016-12-30 08:54:14 +01:00
Florian Schlichting
eb7f2edc0c eliminate trailing whitespace, expand tabs 2016-12-30 08:52:44 +01:00
Christoph Anton Mitterer
70bd8cf0ce handle failing version check when allow_url_fopen is set to false (closes: #57) 2016-12-02 21:57:24 +01:00
Florian Schlichting
0901fd2756 Remove remaining references to $c->local_tzid (fixes #35) 2016-12-02 00:24:53 +01:00