Fixed grouped Properties naming (e.g. Addresses: item1.ADR instead of just ADR) …
…that caused item1.ADR to be written to DB(address_address_adr) because it doesn't match ADR, fix works ofr every grouped Property (yet there is only ADR...)
Added VCard Property ORG as nondefault (because it takes more then one Value)
Fixed false handling of Properties that can have more than one value (e.g. ORG) where values are seperated by semicolons
See merge request !19
Removed favicon.ico work around (fix#53, Debian bug #703294)
This relates to debian bug report #703294 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703294>; of Chris Mitterer. He makes the case to delete a block at the very beginning of the file caldav.php.
Andrew authored that code block once (6 years ago?) with the following commit message:
> Provide passthru on icons, images, css and js files.
> In Chrome it requests the favicon (for example) very frequently
> which was causing a prompt for authentication where there was a
> poorly considered regex in the rewrite rules. I think this is
> a good backup to the rewrite rules to pass through on such files.
As far as i unterstand the code it does in fact passthrough requests for favicon.ico. But these should not happen at all anyway (but seem to have happened with a specific browser and a malformed rewrite rule). And I agree with Chris: most of the code does not work as intended and is potentially introducing security holes.
So after having a closer look on this I vote to follow the recommendation of Chris to DELETE this block and close the bug.
See merge request !20
Added VCard Property ORG as nondefault (because it takes more then one Value)
Fixed false handling of Properties that can have more than one value (e.g. ORG) where values are seperated by semicolons
Fix positive PROPPATCH response message body.
The response values must be inside a DAV:response element, which was missing before.
See merge request !18
Fix add-member support for calendars
Change the add-member parameter to add_member to match the name of the global variable name. Otherwise the global variable was always unset and the generic POST handler handled the request instead of the PUT handler for vcalendars.
Make sure to return a Location header when adding a vcalendar using add-member POST.
See merge request !14
Add component parameter to content-types headers and getcontenttype properties
This allows clients using sync-collection requests to filter the results quickly by just looking at the content-type without having to parse the calendar data.
See merge request !15
Basic Auth Bugfix
Bugfix on Basic Auth username/password split.
Basic Auth uses a colon (":") to separate the username and password values. Using the php 'explode' function on this string without limiting the number of substrings returned can truncate the users password if it contains a colon.
By limiting the explode to 2, we get back the username and whatever else is left as the password (hence not truncated).
See merge request !12
Fixed broken import function (fixes#38)
Removes a doubled code block introduced in commit 8e60bb3124e2cc4ff09f388e520f3b6935ffc733 causing imports to fail after the first one.
See merge request !13
Basic Auth uses a colon (":") to separate the username and
password values. Using the php 'explode' function on this
string without limiting the number of substrings returned
can truncate the users password if it contains a colon.
By limiting the explode to 2, we get back the username and
whatever else is left as the password (hence not truncated).
to control whether the obsolete Scheduling property
"calendar-free-busy-set" is populated during a PROPFIND. For Issue #31,
Database Performance Improvements.
Added in support of Issue #31, Database Performance Improvements. Note
creation of 1.2.12 db patch script - may need renaming or other special
treatment when merging this branch.
Fix current-user-principal
The RFC 5397 (http://tools.ietf.org/html/rfc5397) states that current-user-principal should return the principal URL for the current user, the one who is currently authenticated.
DAViCal answers with the principal URL for the owner of the resource right now, so this is a simple patch to fix this behaviour.
See merge request !9
Loop Over AWL Directory Candidates
Using this method we're able to loop over the candidate directories
until we find what should be suitable AWL location. Further, adding
additional locations is as simple as adding a new line to ${awldirs}.
It does have the limitation that if the path has a new line in it
(/some/ridic
ulous/path), it'll treat it as two different paths. However, if
somebody seriously has that, they deserve the pain.
See merge request !10
Using this method we're able to loop over the candidate directories
until we find what should be suitable AWL location. Further, adding
additional locations is as simple as adding a new line to ${awldirs}.
It does have the limitation that if the path has a new line in it
(/some/ridic
ulous/path), it'll treat it as two different paths. However, if
somebody seriously has that, they deserve the pain.
