}
if (!$dav_resource->Exists() && !$dav_resource->HavePrivilegeTo('DAV::bind')) {
$request->DoResponse(403);
}
if (!ini_get('open_basedir') && (isset($c->dbg['ALL']) || isset($c->dbg['put']) && $c->dbg['put'])) {
$fh = fopen('/tmp/PUT.txt', 'w');
if ($fh) {
fwrite($fh, $request->raw_post);
fclose($fh);
}
}
include_once 'caldav-PUT-functions.php';
controlRequestContainer($dav_resource->GetProperty('username'), $dav_resource->GetProperty('user_no'), $dav_resource->bound_from(), true);
$lock_opener = $request->FailIfLocked();
if ($dav_resource->IsCollection()) {
if ($dav_resource->IsPrincipal() || $dav_resource->IsBinding() || !isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections == true) {
$request->DoResponse(405);
// Method not allowed
return;
}
$appending = isset($_GET['mode']) && $_GET['mode'] == 'append';
/**
* CalDAV does not define the result of a PUT on a collection. We treat that
* as an import. The code is in caldav-PUT-functions.php
*/
import_collection($request->raw_post, $request->user_no, $request->path, true, $appending);
$request->DoResponse(200);
return;
}
$etag = md5($request->raw_post);
$ic = new iCalComponent($request->raw_post);
}
function rollback($response_code = 412)
{
global $request;
$qry = new AwlQuery('ROLLBACK');
$qry->Exec('move');
// Just in case
$request->DoResponse($response_code);
// And we don't return from that.
}
$qry = new AwlQuery('BEGIN');
if (!$qry->Exec('move')) {
rollback(500);
}
$src_name = $src->dav_name();
$dst_name = $dest->IsBinding() ? $dest->bound_from() : $dest->dav_name();
$src_collection = $src->GetProperty('collection_id');
$dst_collection = $dest->GetProperty('collection_id');
$src_user_no = $src->GetProperty('user_no');
$dst_user_no = $dest->GetProperty('user_no');
$cache = getCacheInstance();
$cachekeys = array();
if ($src->IsCollection()) {
$cachekeys[] = ($src->ContainerType() == 'principal' ? 'principal' : 'collection') . '-' . $src->parent_path();
$cachekeys[] = ($src->IsPrincipal() == 'principal' ? 'principal' : 'collection') . '-' . $src->dav_name();
$cachekeys[] = ($src->IsPrincipal() ? 'principal' : 'collection') . '-' . $dest->dav_name();
if ($dest->Exists()) {
$qry = new AwlQuery('DELETE FROM collection WHERE dav_name = :dst_name', array(':dst_name' => $dst_name));
if (!$qry->Exec('move')) {
rollback(500);
}
$request->DoResponse(500, translate('Database Error'));
}
fetch_external($row->bind_id, '');
$request->DoResponse(201);
} else {
$request->DoResponse(500, translate('Database Error'));
}
} else {
$source = new DAVResource($href);
if (!$source->Exists()) {
$request->PreconditionFailed(403, 'DAV::bind-source-exists', translate('The BIND Request MUST identify an existing resource.'));
}
if ($source->IsPrincipal() || !$source->IsCollection()) {
$request->PreconditionFailed(403, 'DAV::binding-allowed', translate('DAViCal only allows BIND requests for collections at present.'));
}
if ($source->IsBinding()) {
$source = new DAVResource($source->bound_from());
}
/*
bind_id INT8 DEFAULT nextval('dav_id_seq') PRIMARY KEY,
bound_source_id INT8 REFERENCES collection(collection_id) ON UPDATE CASCADE ON DELETE CASCADE,
access_ticket_id TEXT REFERENCES access_ticket(ticket_id) ON UPDATE CASCADE ON DELETE SET NULL,
parent_container TEXT NOT NULL,
dav_name TEXT UNIQUE NOT NULL,
dav_displayname TEXT,
external_url TEXT,
type TEXT
*/
$sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname )
VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname )';
$params = array(':target_id' => $source->GetProperty('collection_id'), ':ticket_id' => isset($request->ticket) ? $request->ticket->id() : null, ':parent_container' => $parent->dav_name(), ':session_principal' => $session->principal_id, ':dav_name' => $destination_path, ':displayname' => $source->GetProperty('displayname'));
<?php
/**
* CalDAV Server - handle PROPPATCH method
*
* @package davical
* @subpackage caldav
* @author Andrew McMillan <*****@*****.**>
* @copyright Morphoss Ltd - http://www.morphoss.com/
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2
*/
dbg_error_log("PROPPATCH", "method handler");
require_once 'iCalendar.php';
require_once 'DAVResource.php';
$dav_resource = new DAVResource($request->path);
if (!($dav_resource->HavePrivilegeTo('DAV::write-properties') || $dav_resource->IsBinding())) {
$request->DoResponse(403);
}
$position = 0;
$xmltree = BuildXMLTree($request->xml_tags, $position);
// echo $xmltree->Render();
if ($xmltree->GetTag() != "DAV::propertyupdate") {
$request->DoResponse(403);
}
/**
* Find the properties being set, and the properties being removed
*/
$setprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::set/DAV::prop/*");
$rmprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::remove/DAV::prop/*");
/**
* We build full status responses for failures. For success we just record
if ($qry->QDo("SELECT write_sync_change(collection_id, 404, caldav_data.dav_name) FROM caldav_data WHERE collection_id = :collection_id", $params) && $qry->QDo("DELETE FROM property WHERE dav_name LIKE (SELECT dav_name FROM collection WHERE collection_id = :collection_id) || '%'", $params) && $qry->QDo("DELETE FROM locks WHERE dav_name LIKE (SELECT dav_name FROM collection WHERE collection_id = :collection_id) || '%'", $params) && $qry->QDo("DELETE FROM caldav_data WHERE collection_id = :collection_id", $params) && $qry->QDo("DELETE FROM collection WHERE collection_id = :collection_id", $params)) {
@dbg_error_log("DELETE", "DELETE (collection): User: %d, ETag: %s, Path: %s", $session->user_no, $request->etag_if_match, $request->path);
return true;
}
return false;
}
if (!$dav_resource->Exists()) {
$request->DoResponse(404);
}
if (!($dav_resource->resource_id() > 0)) {
$request->DoResponse(403);
}
$qry = new AwlQuery();
$qry->Begin();
if ($dav_resource->IsCollection()) {
if ($dav_resource->IsBinding()) {
$params = array(':dav_name' => $dav_resource->dav_name());
if ($qry->QDo("DELETE FROM dav_binding WHERE dav_name = :dav_name", $params) && $qry->Commit()) {
@dbg_error_log("DELETE", "DELETE: Binding: %d, ETag: %s, Path: %s", $session->user_no, $request->etag_if_match, $request->path);
$request->DoResponse(204);
}
} else {
if (delete_collection($dav_resource->resource_id()) && $qry->Commit()) {
// Uncache anything to do with the collection
$cache = getCacheInstance();
$cache->delete('collection-' . $dav_resource->dav_name(), null);
$request->DoResponse(204);
}
}
} else {
if (isset($request->etag_if_match) && $request->etag_if_match != $dav_resource->unique_tag()) {
/**
* CalDAV Server - handle PROPPATCH method
*
* @package davical
* @subpackage caldav
* @author Andrew McMillan <*****@*****.**>
* @copyright Morphoss Ltd - http://www.morphoss.com/
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2
*/
dbg_error_log("PROPPATCH", "method handler");
require_once 'vCalendar.php';
require_once 'DAVResource.php';
$dav_resource = new DAVResource($request->path);
if (!$dav_resource->HavePrivilegeTo('DAV::write-properties')) {
$parent = $dav_resource->GetParentContainer();
if (!$dav_resource->IsBinding() || !$parent->HavePrivilegeTo('DAV::write')) {
$request->PreconditionFailed(403, 'DAV::write-properties', 'You do not have permission to write properties to that resource');
}
}
$position = 0;
$xmltree = BuildXMLTree($request->xml_tags, $position);
// echo $xmltree->Render();
if ($xmltree->GetNSTag() != "DAV::propertyupdate") {
$request->PreconditionFailed(403, 'DAV::propertyupdate', 'XML request did not contain a <propertyupdate> tag');
}
/**
* Find the properties being set, and the properties being removed
*/
$setprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::set/DAV::prop/*");
$rmprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::remove/DAV::prop/*");
/**
