/**
* Intercepts GET requests on addressbook urls ending with ?export.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
if (!array_key_exists('export', $queryParams)) {
return;
}
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof IAddressBook) {
return;
}
$this->server->transactionType = 'get-addressbook-export';
// Checking ACL, if available.
if ($aclPlugin = $this->server->getPlugin('acl')) {
$aclPlugin->checkPrivileges($path, '{DAV:}read');
}
$nodes = $this->server->getPropertiesForPath($path, ['{' . Plugin::NS_CARDDAV . '}address-data'], 1);
$format = 'text/directory';
$output = null;
$filenameExtension = null;
switch ($format) {
case 'text/directory':
$output = $this->generateVCF($nodes);
$filenameExtension = '.vcf';
break;
}
$filename = preg_replace('/[^a-zA-Z0-9-_ ]/um', '', $node->getName());
$filename .= '-' . date('Y-m-d') . $filenameExtension;
$response->setHeader('Content-Disposition', 'attachment; filename="' . $filename . '"');
$response->setHeader('Content-Type', $format);
$response->setStatus(200);
$response->setBody($output);
// Returning false to break the event chain
return false;
}
/**
* Intercepts GET requests on addressbook urls ending with ?photo.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool|void
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
// TODO: in addition to photo we should also add logo some point in time
if (!array_key_exists('photo', $queryParams)) {
return true;
}
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof Card) {
return true;
}
$this->server->transactionType = 'carddav-image-export';
// Checking ACL, if available.
if ($aclPlugin = $this->server->getPlugin('acl')) {
/** @var \Sabre\DAVACL\Plugin $aclPlugin */
$aclPlugin->checkPrivileges($path, '{DAV:}read');
}
if ($result = $this->getPhoto($node)) {
$response->setHeader('Content-Type', $result['Content-Type']);
$response->setStatus(200);
$response->setBody($result['body']);
// Returning false to break the event chain
return false;
}
return true;
}
/**
* After method, copy the "Etag" header to "OC-Etag" header.
*
* @param RequestInterface $request request
* @param ResponseInterface $response response
*/
public function afterMethod(RequestInterface $request, ResponseInterface $response)
{
$eTag = $response->getHeader('Etag');
if (!empty($eTag)) {
$response->setHeader('OC-ETag', $eTag);
}
}
/**
* Handles POST requests for tree operations not handled in the SabreDAV parent clas
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
public function httpPOSTExtra(RequestInterface $request, ResponseInterface $response)
{
$contentType = $request->getHeader('Content-Type');
list($contentType) = explode(';', $contentType);
if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') {
return;
}
$postVars = $request->getPostData();
if (!isset($postVars['sabreActionExtra'])) {
return;
}
$uri = $request->getPath();
switch ($postVars['sabreActionExtra']) {
case 'del':
if (isset($postVars['path'])) {
// Using basename() because we won't allow slashes
list(, $Name) = \Sabre\HTTP\URLUtil::splitPath(trim($postVars['path']));
if (!empty($Name) && $this->config->browserplugin_enable_delete === true) {
$this->server->tree->delete($uri . '/' . $Name);
}
}
break;
}
$response->setHeader('Location', $request->getUrl());
$response->setStatus(302);
return false;
}
/**
* Generates the davmount response
*
* @param string $uri absolute uri
* @return void
*/
function davMount(ResponseInterface $response, $uri)
{
$response->setStatus(200);
$response->setHeader('Content-Type', 'application/davmount+xml');
ob_start();
echo '<?xml version="1.0"?>', "\n";
echo "<dm:mount xmlns:dm=\"http://purl.org/NET/webdav/mount\">\n";
echo " <dm:url>", htmlspecialchars($uri, ENT_NOQUOTES, 'UTF-8'), "</dm:url>\n";
echo "</dm:mount>";
$response->setBody(ob_get_clean());
}
/**
* Intercepts GET requests on addressbook urls ending with ?export.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
if (!array_key_exists('export', $queryParams)) {
return;
}
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof IAddressBook) {
return;
}
$this->server->transactionType = 'get-addressbook-export';
// Checking ACL, if available.
if ($aclPlugin = $this->server->getPlugin('acl')) {
$aclPlugin->checkPrivileges($path, '{DAV:}read');
}
$response->setHeader('Content-Type', 'text/directory');
$response->setStatus(200);
$nodes = $this->server->getPropertiesForPath($path, ['{' . Plugin::NS_CARDDAV . '}address-data'], 1);
$response->setBody($this->generateVCF($nodes));
// Returning false to break the event chain
return false;
}
/**
* Unlocks a uri
*
* This WebDAV method allows you to remove a lock from a node. The client should provide a valid locktoken through the Lock-token http header
* The server should return 204 (No content) on success
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function httpUnlock(RequestInterface $request, ResponseInterface $response)
{
$lockToken = $request->getHeader('Lock-Token');
// If the locktoken header is not supplied, we need to throw a bad request exception
if (!$lockToken) {
throw new DAV\Exception\BadRequest('No lock token was supplied');
}
$path = $request->getPath();
$locks = $this->getLocks($path);
// Windows sometimes forgets to include < and > in the Lock-Token
// header
if ($lockToken[0] !== '<') {
$lockToken = '<' . $lockToken . '>';
}
foreach ($locks as $lock) {
if ('<opaquelocktoken:' . $lock->token . '>' == $lockToken) {
$this->unlockNode($path, $lock);
$response->setHeader('Content-Length', '0');
$response->setStatus(204);
// Returning false will break the method chain, and mark the
// method as 'handled'.
return false;
}
}
// If we got here, it means the locktoken was invalid
throw new DAV\Exception\LockTokenMatchesRequestUri();
}
/**
* We intercept this to handle POST requests on calendars.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return null|false
*/
function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
// Only handling xml
$contentType = $request->getHeader('Content-Type');
if (strpos($contentType, 'application/xml') === false && strpos($contentType, 'text/xml') === false) {
return;
}
// Making sure the node exists
try {
$node = $this->server->tree->getNodeForPath($path);
} catch (NotFound $e) {
return;
}
// CSRF protection
$this->protectAgainstCSRF();
$requestBody = $request->getBodyAsString();
// If this request handler could not deal with this POST request, it
// will return 'null' and other plugins get a chance to handle the
// request.
//
// However, we already requested the full body. This is a problem,
// because a body can only be read once. This is why we preemptively
// re-populated the request body with the existing data.
$request->setBody($requestBody);
$message = $this->server->xml->parse($requestBody, $request->getUrl(), $documentType);
switch ($documentType) {
// Dealing with the 'share' document, which modified invitees on a
// calendar.
case '{' . self::NS_OWNCLOUD . '}share':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableAddressBook) {
return;
}
$this->server->transactionType = 'post-oc-addressbook-share';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
/** @var \Sabre\DAVACL\Plugin $acl */
$acl->checkPrivileges($path, '{DAV:}write');
}
$node->updateShares($message->set, $message->remove);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
}
}
/**
* POST operation on Comments collections
*
* @param RequestInterface $request request object
* @param ResponseInterface $response response object
* @return null|false
*/
public function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof EntityCollection) {
return null;
}
$data = $request->getBodyAsString();
$comment = $this->createComment($node->getName(), $node->getId(), $data, $request->getHeader('Content-Type'));
// update read marker for the current user/poster to avoid
// having their own comments marked as unread
$node->setReadMarker(null);
$url = $request->getUrl() . '/' . urlencode($comment->getId());
$response->setHeader('Content-Location', $url);
// created
$response->setStatus(201);
return false;
}
/**
* This method is responsible for parsing a free-busy query request and
* returning it's result.
*
* @param IOutbox $outbox
* @param VObject\Component $vObject
* @param RequestInterface $request
* @param ResponseInterface $response
* @return string
*/
protected function handleFreeBusyRequest(IOutbox $outbox, VObject\Component $vObject, RequestInterface $request, ResponseInterface $response)
{
$vFreeBusy = $vObject->VFREEBUSY;
$organizer = $vFreeBusy->organizer;
$organizer = (string) $organizer;
// Validating if the organizer matches the owner of the inbox.
$owner = $outbox->getOwner();
$caldavNS = '{' . self::NS_CALDAV . '}';
$uas = $caldavNS . 'calendar-user-address-set';
$props = $this->server->getProperties($owner, [$uas]);
if (empty($props[$uas]) || !in_array($organizer, $props[$uas]->getHrefs())) {
throw new Forbidden('The organizer in the request did not match any of the addresses for the owner of this inbox');
}
if (!isset($vFreeBusy->ATTENDEE)) {
throw new BadRequest('You must at least specify 1 attendee');
}
$attendees = [];
foreach ($vFreeBusy->ATTENDEE as $attendee) {
$attendees[] = (string) $attendee;
}
if (!isset($vFreeBusy->DTSTART) || !isset($vFreeBusy->DTEND)) {
throw new BadRequest('DTSTART and DTEND must both be specified');
}
$startRange = $vFreeBusy->DTSTART->getDateTime();
$endRange = $vFreeBusy->DTEND->getDateTime();
$results = [];
foreach ($attendees as $attendee) {
$results[] = $this->getFreeBusyForEmail($attendee, $startRange, $endRange, $vObject);
}
$dom = new \DOMDocument('1.0', 'utf-8');
$dom->formatOutput = true;
$scheduleResponse = $dom->createElement('cal:schedule-response');
foreach ($this->server->xmlNamespaces as $namespace => $prefix) {
$scheduleResponse->setAttribute('xmlns:' . $prefix, $namespace);
}
$dom->appendChild($scheduleResponse);
foreach ($results as $result) {
$xresponse = $dom->createElement('cal:response');
$recipient = $dom->createElement('cal:recipient');
$recipientHref = $dom->createElement('d:href');
$recipientHref->appendChild($dom->createTextNode($result['href']));
$recipient->appendChild($recipientHref);
$xresponse->appendChild($recipient);
$reqStatus = $dom->createElement('cal:request-status');
$reqStatus->appendChild($dom->createTextNode($result['request-status']));
$xresponse->appendChild($reqStatus);
if (isset($result['calendar-data'])) {
$calendardata = $dom->createElement('cal:calendar-data');
$calendardata->appendChild($dom->createTextNode(str_replace("\r\n", "\n", $result['calendar-data']->serialize())));
$xresponse->appendChild($calendardata);
}
$scheduleResponse->appendChild($xresponse);
}
$response->setStatus(200);
$response->setHeader('Content-Type', 'application/xml');
$response->setBody($dom->saveXML());
}
/**
* POST operation on system tag collections
*
* @param RequestInterface $request request object
* @param ResponseInterface $response response object
* @return null|false
*/
public function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
// Making sure the node exists
try {
$node = $this->server->tree->getNodeForPath($path);
} catch (NotFound $e) {
return null;
}
if ($node instanceof SystemTagsByIdCollection || $node instanceof SystemTagsObjectMappingCollection) {
$data = $request->getBodyAsString();
$tag = $this->createTag($data, $request->getHeader('Content-Type'));
if ($node instanceof SystemTagsObjectMappingCollection) {
// also add to collection
$node->createFile($tag->getId());
$url = $request->getBaseUrl() . 'systemtags/';
} else {
$url = $request->getUrl();
}
if ($url[strlen($url) - 1] !== '/') {
$url .= '/';
}
$response->setHeader('Content-Location', $url . $tag->getId());
// created
$response->setStatus(201);
return false;
}
}
/**
* This event is triggered before the usual GET request handler.
*
* We use this to intercept GET calls to notification nodes, and return the
* proper response.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
try {
$node = $this->server->tree->getNodeForPath($path);
} catch (DAV\Exception\NotFound $e) {
return;
}
if (!$node instanceof INode) {
return;
}
$dom = new \DOMDocument('1.0', 'UTF-8');
$dom->formatOutput = true;
$root = $dom->createElement('cs:notification');
foreach ($this->server->xmlNamespaces as $namespace => $prefix) {
$root->setAttribute('xmlns:' . $prefix, $namespace);
}
$dom->appendChild($root);
$node->getNotificationType()->serializeBody($this->server, $root);
$response->setHeader('Content-Type', 'application/xml');
$response->setHeader('ETag', $node->getETag());
$response->setStatus(200);
$response->setBody($dom->saveXML());
// Return false to break the event chain.
return false;
}
/**
* This event is triggered after GET requests.
*
* This is used to transform data into jCal, if this was requested.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function httpAfterGet(RequestInterface $request, ResponseInterface $response)
{
if (strpos($response->getHeader('Content-Type'), 'text/vcard') === false) {
return;
}
$target = $this->negotiateVCard($request->getHeader('Accept'), $mimeType);
$newBody = $this->convertVCard($response->getBody(), $target);
$response->setBody($newBody);
$response->setHeader('Content-Type', $mimeType . '; charset=utf-8');
$response->setHeader('Content-Length', strlen($newBody));
}
/**
* We intercept this to handle POST requests on shared resources
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return null|bool
*/
function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
$contentType = $request->getHeader('Content-Type');
// We're only interested in the davsharing content type.
if (strpos($contentType, 'application/davsharing+xml') === false) {
return;
}
$message = $this->server->xml->parse($request->getBody(), $request->getUrl(), $documentType);
switch ($documentType) {
case '{DAV:}share-resource':
$this->shareResource($path, $message->sharees);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
default:
throw new BadRequest('Unexpected document type: ' . $documentType . ' for this Content-Type');
}
}
/**
* This event is triggered after GET requests.
*
* This is used to transform data into jCal, if this was requested.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function httpAfterGet(RequestInterface $request, ResponseInterface $response)
{
if (strpos($response->getHeader('Content-Type'), 'text/calendar') === false) {
return;
}
$result = HTTP\Util::negotiate($request->getHeader('Accept'), ['text/calendar', 'application/calendar+json']);
if ($result !== 'application/calendar+json') {
// Do nothing
return;
}
// Transforming.
$vobj = VObject\Reader::read($response->getBody());
$jsonBody = json_encode($vobj->jsonSerialize());
$response->setBody($jsonBody);
$response->setHeader('Content-Type', 'application/calendar+json');
$response->setHeader('Content-Length', strlen($jsonBody));
}
/**
* WebDAV HTTP COPY method
*
* This method copies one uri to a different uri, and works much like the MOVE request
* A lot of the actual request processing is done in getCopyMoveInfo
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpCopy(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
$copyInfo = $this->server->getCopyAndMoveInfo($request);
if ($copyInfo['destinationExists']) {
if (!$this->server->emit('beforeUnbind', [$copyInfo['destination']])) {
return false;
}
$this->server->tree->delete($copyInfo['destination']);
}
if (!$this->server->emit('beforeBind', [$copyInfo['destination']])) {
return false;
}
$this->server->tree->copy($path, $copyInfo['destination']);
$this->server->emit('afterBind', [$copyInfo['destination']]);
// If a resource was overwritten we should send a 204, otherwise a 201
$response->setHeader('Content-Length', '0');
$response->setStatus($copyInfo['destinationExists'] ? 204 : 201);
// Sending back false will interupt the event chain and tell the server
// we've handled this method.
return false;
}
/**
* This method is responsible for generating the actual, full response.
*
* @param string $path
* @param DateTime|null $start
* @param DateTime|null $end
* @param bool $expand
* @param string $componentType
* @param string $format
* @param array $properties
* @param ResponseInterface $response
*/
protected function generateResponse($path, $start, $end, $expand, $componentType, $format, $properties, ResponseInterface $response)
{
$calDataProp = '{' . Plugin::NS_CALDAV . '}calendar-data';
$blobs = [];
if ($start || $end || $componentType) {
// If there was a start or end filter, we need to enlist
// calendarQuery for speed.
$calendarNode = $this->server->tree->getNodeForPath($path);
$queryResult = $calendarNode->calendarQuery(['name' => 'VCALENDAR', 'comp-filters' => [['name' => $componentType, 'comp-filters' => [], 'prop-filters' => [], 'is-not-defined' => false, 'time-range' => ['start' => $start, 'end' => $end]]], 'prop-filters' => [], 'is-not-defined' => false, 'time-range' => null]);
// queryResult is just a list of base urls. We need to prefix the
// calendar path.
$queryResult = array_map(function ($item) use($path) {
return $path . '/' . $item;
}, $queryResult);
$nodes = $this->server->getPropertiesForMultiplePaths($queryResult, [$calDataProp]);
unset($queryResult);
} else {
$nodes = $this->server->getPropertiesForPath($path, [$calDataProp], 1);
}
// Flattening the arrays
foreach ($nodes as $node) {
if (isset($node[200][$calDataProp])) {
$blobs[$node['href']] = $node[200][$calDataProp];
}
}
unset($nodes);
$mergedCalendar = $this->mergeObjects($properties, $blobs);
if ($expand) {
$calendarTimeZone = null;
// We're expanding, and for that we need to figure out the
// calendar's timezone.
$tzProp = '{' . Plugin::NS_CALDAV . '}calendar-timezone';
$tzResult = $this->server->getProperties($path, [$tzProp]);
if (isset($tzResult[$tzProp])) {
// This property contains a VCALENDAR with a single
// VTIMEZONE.
$vtimezoneObj = VObject\Reader::read($tzResult[$tzProp]);
$calendarTimeZone = $vtimezoneObj->VTIMEZONE->getTimeZone();
// Destroy circular references to PHP will GC the object.
$vtimezoneObj->destroy();
unset($vtimezoneObj);
} else {
// Defaulting to UTC.
$calendarTimeZone = new DateTimeZone('UTC');
}
$mergedCalendar->expand($start, $end, $calendarTimeZone);
}
$response->setHeader('Content-Type', $format);
switch ($format) {
case 'text/calendar':
$mergedCalendar = $mergedCalendar->serialize();
break;
case 'application/calendar+json':
$mergedCalendar = json_encode($mergedCalendar->jsonSerialize());
break;
}
$response->setStatus(200);
$response->setBody($mergedCalendar);
}
/**
* This event is triggered before the usual GET request handler.
*
* We use this to intercept GET calls to notification nodes, and return the
* proper response.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function httpGet(RequestInterface $request, ResponseInterface $response) {
$path = $request->getPath();
try {
$node = $this->server->tree->getNodeForPath($path);
} catch (DAV\Exception\NotFound $e) {
return;
}
if (!$node instanceof INode)
return;
$writer = $this->server->xml->getWriter();
$writer->contextUri = $this->server->getBaseUri();
$writer->openMemory();
$writer->startDocument('1.0', 'UTF-8');
$writer->startElement('{http://calendarserver.org/ns/}notification');
$node->getNotificationType()->xmlSerializeFull($writer);
$writer->endElement();
$response->setHeader('Content-Type', 'application/xml');
$response->setHeader('ETag', $node->getETag());
$response->setStatus(200);
$response->setBody($writer->outputMemory());
// Return false to break the event chain.
return false;
}
/**
* Compute an HTTP POST method.
*
* @param Request $request HTTP request.
* @param Response $response HTTP response.
* @return bool
* @throws Exception\Dav\Exception
*/
function httpPost(Request $request, Response $response)
{
if (System\Collection::NAME . '/' . Node::NAME !== $request->getPath()) {
return;
}
$payload = @json_decode($request->getBodyAsString());
if (!$payload || !isset($payload->transport) || !isset($payload->username) || !isset($payload->password)) {
throw new Exception\Dav\Exception('Payload is corrupted.');
}
$this->configuration->mail = new StdClass();
$this->configuration->mail->transport = $payload->transport;
$this->configuration->mail->username = $payload->username;
$this->configuration->mail->password = $payload->password;
$this->configuration->save();
$response->setHeader('Content-Type', 'application/json');
$response->setBody(json_encode(true));
return false;
}
/**
* This method is responsible for generating the actual, full response.
*
* @param string $path
* @param DateTime|null $start
* @param DateTime|null $end
* @param bool $expand
* @param string $format
* @param array $properties
* @param ResponseInterface $response
*/
protected function generateResponse($path, $start, $end, $expand, $format, $properties, ResponseInterface $response)
{
$calDataProp = '{' . Plugin::NS_CALDAV . '}calendar-data';
$blobs = [];
if ($start || $end) {
// If there was a start or end filter, we need to enlist
// calendarQuery for speed.
$calendarNode = $this->server->tree->getNodeForPath($path);
$queryResult = $calendarNode->calendarQuery(['name' => 'VCALENDAR', 'comp-filters' => [['name' => 'VEVENT', 'comp-filters' => [], 'prop-filters' => [], 'is-not-defined' => false, 'time-range' => ['start' => $start, 'end' => $end]]], 'prop-filters' => [], 'is-not-defined' => false, 'time-range' => null]);
// queryResult is just a list of base urls. We need to prefix the
// calendar path.
$queryResult = array_map(function ($item) use($path) {
return $path . '/' . $item;
}, $queryResult);
$nodes = $this->server->getPropertiesForMultiplePaths($queryResult, [$calDataProp]);
unset($queryResult);
} else {
$nodes = $this->server->getPropertiesForPath($path, [$calDataProp], 1);
}
// Flattening the arrays
foreach ($nodes as $node) {
if (isset($node[200][$calDataProp])) {
$blobs[] = $node[200][$calDataProp];
}
}
unset($nodes);
$mergedCalendar = $this->mergeObjects($properties, $blobs);
if ($expand) {
$mergedCalendar->expand($start, $end);
}
$response->setHeader('Content-Type', $format);
switch ($format) {
case 'text/calendar':
$mergedCalendar = $mergedCalendar->serialize();
break;
case 'application/calendar+json':
$mergedCalendar = json_encode($mergedCalendar->jsonSerialize());
break;
}
$response->setStatus(200);
$response->setBody($mergedCalendar);
}
/**
* @return bool
*/
function httpGet(Request $request, Response $response)
{
if (System\Collection::NAME . '/' . Node::NAME !== $request->getPath()) {
return;
}
$payload = ['current_version' => SABRE_KATANA_VERSION];
$extra = [];
if (true === $request->hasHeader('Referer')) {
$extra['referer'] = $request->getHeader('Referer');
}
$updatesDotJson = Updater::getUpdateUrl(Updater::DEFAULT_UPDATE_SERVER, $extra);
$versions = @file_get_contents($updatesDotJson);
if (!empty($versions)) {
$versions = json_decode($versions, true);
$versionsToFetch = Updater::filterVersions($versions, SABRE_KATANA_VERSION, Updater::FORMAT_PHAR);
$payload['next_versions'] = array_keys($versionsToFetch);
}
$response->setHeader('Content-Type', 'application/json');
$response->setBody(json_encode($payload));
return false;
}
/**
* This method handles the PROPFIND method.
*
* It's a very lazy method, it won't bother checking the request body
* for which properties were requested, and just sends back a default
* set of properties.
*
* @param RequestInterface $request
* @param ResponseInterface $hR
* @param string $tempLocation
* @return bool
*/
function httpPropfind(RequestInterface $request, ResponseInterface $hR, $tempLocation)
{
if (!file_exists($tempLocation)) {
return;
}
$hR->setHeader('X-Sabre-Temp', 'true');
$hR->setStatus(207);
$hR->setHeader('Content-Type', 'application/xml; charset=utf-8');
$properties = ['href' => $request->getPath(), 200 => ['{DAV:}getlastmodified' => new Xml\Property\GetLastModified(filemtime($tempLocation)), '{DAV:}getcontentlength' => filesize($tempLocation), '{DAV:}resourcetype' => new Xml\Property\ResourceType(null), '{' . Server::NS_SABREDAV . '}tempFile' => true]];
$data = $this->server->generateMultiStatus([$properties]);
$hR->setBody($data);
return false;
}
/**
* Handles POST requests for tree operations.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpPOST(RequestInterface $request, ResponseInterface $response)
{
$contentType = $request->getHeader('Content-Type');
list($contentType) = explode(';', $contentType);
if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') {
return;
}
$postVars = $request->getPostData();
if (!isset($postVars['sabreAction'])) {
return;
}
$uri = $request->getPath();
if ($this->server->emit('onBrowserPostAction', [$uri, $postVars['sabreAction'], $postVars])) {
switch ($postVars['sabreAction']) {
case 'mkcol':
if (isset($postVars['name']) && trim($postVars['name'])) {
// Using basename() because we won't allow slashes
list(, $folderName) = URLUtil::splitPath(trim($postVars['name']));
$this->server->createDirectory($uri . '/' . $folderName);
}
break;
// @codeCoverageIgnoreStart
// @codeCoverageIgnoreStart
case 'put':
if ($_FILES) {
$file = current($_FILES);
} else {
break;
}
list(, $newName) = URLUtil::splitPath(trim($file['name']));
if (isset($postVars['name']) && trim($postVars['name'])) {
$newName = trim($postVars['name']);
}
// Making sure we only have a 'basename' component
list(, $newName) = URLUtil::splitPath($newName);
if (is_uploaded_file($file['tmp_name'])) {
$this->server->createFile($uri . '/' . $newName, fopen($file['tmp_name'], 'r'));
}
break;
// @codeCoverageIgnoreEnd
}
}
$response->setHeader('Location', $request->getUrl());
$response->setStatus(302);
return false;
}
/**
* Fakes a successful LOCK
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
public function fakeUnlockProvider(RequestInterface $request, ResponseInterface $response)
{
$response->setStatus(204);
$response->setHeader('Content-Length', '0');
return false;
}
/**
* We intercept this to handle POST requests on calendars.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return null|bool
*/
function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
// Only handling xml
$contentType = $request->getHeader('Content-Type');
if (strpos($contentType, 'application/xml') === false && strpos($contentType, 'text/xml') === false) {
return;
}
// Making sure the node exists
try {
$node = $this->server->tree->getNodeForPath($path);
} catch (DAV\Exception\NotFound $e) {
return;
}
$requestBody = $request->getBodyAsString();
// If this request handler could not deal with this POST request, it
// will return 'null' and other plugins get a chance to handle the
// request.
//
// However, we already requested the full body. This is a problem,
// because a body can only be read once. This is why we preemptively
// re-populated the request body with the existing data.
$request->setBody($requestBody);
$dom = DAV\XMLUtil::loadDOMDocument($requestBody);
$documentType = DAV\XMLUtil::toClarkNotation($dom->firstChild);
switch ($documentType) {
// Dealing with the 'share' document, which modified invitees on a
// calendar.
case '{' . Plugin::NS_CALENDARSERVER . '}share':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableCalendar) {
return;
}
$this->server->transactionType = 'post-calendar-share';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$mutations = $this->parseShareRequest($dom);
$node->updateShares($mutations[0], $mutations[1]);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
// The invite-reply document is sent when the user replies to an
// invitation of a calendar share.
// The invite-reply document is sent when the user replies to an
// invitation of a calendar share.
case '{' . Plugin::NS_CALENDARSERVER . '}invite-reply':
// This only works on the calendar-home-root node.
if (!$node instanceof CalendarHome) {
return;
}
$this->server->transactionType = 'post-invite-reply';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$message = $this->parseInviteReplyRequest($dom);
$url = $node->shareReply($message['href'], $message['status'], $message['calendarUri'], $message['inReplyTo'], $message['summary']);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
if ($url) {
$dom = new \DOMDocument('1.0', 'UTF-8');
$dom->formatOutput = true;
$root = $dom->createElement('cs:shared-as');
foreach ($this->server->xmlNamespaces as $namespace => $prefix) {
$root->setAttribute('xmlns:' . $prefix, $namespace);
}
$dom->appendChild($root);
$href = new DAV\Property\Href($url);
$href->serialize($this->server, $root);
$response->setHeader('Content-Type', 'application/xml');
$response->setBody($dom->saveXML());
}
// Breaking the event chain
return false;
case '{' . Plugin::NS_CALENDARSERVER . '}publish-calendar':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableCalendar) {
return;
}
$this->server->transactionType = 'post-publish-calendar';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$node->setPublishStatus(true);
// iCloud sends back the 202, so we will too.
$response->setStatus(202);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
case '{' . Plugin::NS_CALENDARSERVER . '}unpublish-calendar':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableCalendar) {
return;
}
$this->server->transactionType = 'post-unpublish-calendar';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$node->setPublishStatus(false);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
}
}
/**
* This method checks the main HTTP preconditions.
*
* Currently these are:
* * If-Match
* * If-None-Match
* * If-Modified-Since
* * If-Unmodified-Since
*
* The method will return true if all preconditions are met
* The method will return false, or throw an exception if preconditions
* failed. If false is returned the operation should be aborted, and
* the appropriate HTTP response headers are already set.
*
* Normally this method will throw 412 Precondition Failed for failures
* related to If-None-Match, If-Match and If-Unmodified Since. It will
* set the status to 304 Not Modified for If-Modified_since.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function checkPreconditions(RequestInterface $request, ResponseInterface $response) {
$path = $request->getPath();
$node = null;
$lastMod = null;
$etag = null;
if ($ifMatch = $request->getHeader('If-Match')) {
// If-Match contains an entity tag. Only if the entity-tag
// matches we are allowed to make the request succeed.
// If the entity-tag is '*' we are only allowed to make the
// request succeed if a resource exists at that url.
try {
$node = $this->tree->getNodeForPath($path);
} catch (Exception\NotFound $e) {
throw new Exception\PreconditionFailed('An If-Match header was specified and the resource did not exist', 'If-Match');
}
// Only need to check entity tags if they are not *
if ($ifMatch !== '*') {
// There can be multiple ETags
$ifMatch = explode(',', $ifMatch);
$haveMatch = false;
foreach ($ifMatch as $ifMatchItem) {
// Stripping any extra spaces
$ifMatchItem = trim($ifMatchItem, ' ');
$etag = $node instanceof IFile ? $node->getETag() : null;
if ($etag === $ifMatchItem) {
$haveMatch = true;
} else {
// Evolution has a bug where it sometimes prepends the "
// with a \. This is our workaround.
if (str_replace('\\"', '"', $ifMatchItem) === $etag) {
$haveMatch = true;
}
}
}
if (!$haveMatch) {
if ($etag) $response->setHeader('ETag', $etag);
throw new Exception\PreconditionFailed('An If-Match header was specified, but none of the specified the ETags matched.', 'If-Match');
}
}
}
if ($ifNoneMatch = $request->getHeader('If-None-Match')) {
// The If-None-Match header contains an ETag.
// Only if the ETag does not match the current ETag, the request will succeed
// The header can also contain *, in which case the request
// will only succeed if the entity does not exist at all.
$nodeExists = true;
if (!$node) {
try {
$node = $this->tree->getNodeForPath($path);
} catch (Exception\NotFound $e) {
$nodeExists = false;
}
}
if ($nodeExists) {
$haveMatch = false;
if ($ifNoneMatch === '*') $haveMatch = true;
else {
// There might be multiple ETags
$ifNoneMatch = explode(',', $ifNoneMatch);
$etag = $node instanceof IFile ? $node->getETag() : null;
foreach ($ifNoneMatch as $ifNoneMatchItem) {
// Stripping any extra spaces
$ifNoneMatchItem = trim($ifNoneMatchItem, ' ');
if ($etag === $ifNoneMatchItem) $haveMatch = true;
}
}
if ($haveMatch) {
if ($etag) $response->setHeader('ETag', $etag);
if ($request->getMethod() === 'GET') {
$response->setStatus(304);
return false;
} else {
throw new Exception\PreconditionFailed('An If-None-Match header was specified, but the ETag matched (or * was specified).', 'If-None-Match');
}
}
}
}
if (!$ifNoneMatch && ($ifModifiedSince = $request->getHeader('If-Modified-Since'))) {
// The If-Modified-Since header contains a date. We
// will only return the entity if it has been changed since
// that date. If it hasn't been changed, we return a 304
// header
// Note that this header only has to be checked if there was no If-None-Match header
// as per the HTTP spec.
$date = HTTP\Util::parseHTTPDate($ifModifiedSince);
if ($date) {
if (is_null($node)) {
$node = $this->tree->getNodeForPath($path);
}
$lastMod = $node->getLastModified();
if ($lastMod) {
$lastMod = new \DateTime('@' . $lastMod);
if ($lastMod <= $date) {
$response->setStatus(304);
$response->setHeader('Last-Modified', HTTP\Util::toHTTPDate($lastMod));
return false;
}
}
}
}
if ($ifUnmodifiedSince = $request->getHeader('If-Unmodified-Since')) {
// The If-Unmodified-Since will allow allow the request if the
// entity has not changed since the specified date.
$date = HTTP\Util::parseHTTPDate($ifUnmodifiedSince);
// We must only check the date if it's valid
if ($date) {
if (is_null($node)) {
$node = $this->tree->getNodeForPath($path);
}
$lastMod = $node->getLastModified();
if ($lastMod) {
$lastMod = new \DateTime('@' . $lastMod);
if ($lastMod > $date) {
throw new Exception\PreconditionFailed('An If-Unmodified-Since header was specified, but the entity has been changed since the specified date.', 'If-Unmodified-Since');
}
}
}
}
// Now the hardest, the If: header. The If: header can contain multiple
// urls, ETags and so-called 'state tokens'.
//
// Examples of state tokens include lock-tokens (as defined in rfc4918)
// and sync-tokens (as defined in rfc6578).
//
// The only proper way to deal with these, is to emit events, that a
// Sync and Lock plugin can pick up.
$ifConditions = $this->getIfConditions($request);
foreach ($ifConditions as $kk => $ifCondition) {
foreach ($ifCondition['tokens'] as $ii => $token) {
$ifConditions[$kk]['tokens'][$ii]['validToken'] = false;
}
}
// Plugins are responsible for validating all the tokens.
// If a plugin deemed a token 'valid', it will set 'validToken' to
// true.
$this->emit('validateTokens', [ $request, &$ifConditions ]);
// Now we're going to analyze the result.
// Every ifCondition needs to validate to true, so we exit as soon as
// we have an invalid condition.
foreach ($ifConditions as $ifCondition) {
$uri = $ifCondition['uri'];
$tokens = $ifCondition['tokens'];
// We only need 1 valid token for the condition to succeed.
foreach ($tokens as $token) {
$tokenValid = $token['validToken'] || !$token['token'];
$etagValid = false;
if (!$token['etag']) {
$etagValid = true;
}
// Checking the ETag, only if the token was already deamed
// valid and there is one.
if ($token['etag'] && $tokenValid) {
// The token was valid, and there was an ETag. We must
// grab the current ETag and check it.
$node = $this->tree->getNodeForPath($uri);
$etagValid = $node instanceof IFile && $node->getETag() == $token['etag'];
}
if (($tokenValid && $etagValid) ^ $token['negate']) {
// Both were valid, so we can go to the next condition.
continue 2;
}
}
// If we ended here, it means there was no valid ETag + token
// combination found for the current condition. This means we fail!
throw new Exception\PreconditionFailed('Failed to find a valid token/etag combination for ' . $uri, 'If');
}
return true;
}
/**
* Handles POST requests for tree operations.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpPOST(RequestInterface $request, ResponseInterface $response)
{
$contentType = $request->getHeader('Content-Type');
list($contentType) = explode(';', $contentType);
if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') {
return;
}
$postVars = $request->getPostData();
if (!isset($postVars['sabreAction'])) {
return;
}
$uri = $request->getPath();
if ($this->server->emit('onBrowserPostAction', [$uri, $postVars['sabreAction'], $postVars])) {
switch ($postVars['sabreAction']) {
case 'mkcol':
if (isset($postVars['name']) && trim($postVars['name'])) {
// Using basename() because we won't allow slashes
list(, $folderName) = URLUtil::splitPath(trim($postVars['name']));
if (isset($postVars['resourceType'])) {
$resourceType = explode(',', $postVars['resourceType']);
} else {
$resourceType = ['{DAV:}collection'];
}
$properties = [];
foreach ($postVars as $varName => $varValue) {
// Any _POST variable in clark notation is treated
// like a property.
if ($varName[0] === '{') {
// PHP will convert any dots to underscores.
// This leaves us with no way to differentiate
// the two.
// Therefore we replace the string *DOT* with a
// real dot. * is not allowed in uris so we
// should be good.
$varName = str_replace('*DOT*', '.', $varName);
$properties[$varName] = $varValue;
}
}
$mkCol = new MkCol($resourceType, $properties);
$this->server->createCollection($uri . '/' . $folderName, $mkCol);
}
break;
// @codeCoverageIgnoreStart
// @codeCoverageIgnoreStart
case 'put':
if ($_FILES) {
$file = current($_FILES);
} else {
break;
}
list(, $newName) = URLUtil::splitPath(trim($file['name']));
if (isset($postVars['name']) && trim($postVars['name'])) {
$newName = trim($postVars['name']);
}
// Making sure we only have a 'basename' component
list(, $newName) = URLUtil::splitPath($newName);
if (is_uploaded_file($file['tmp_name'])) {
$this->server->createFile($uri . '/' . $newName, fopen($file['tmp_name'], 'r'));
}
break;
// @codeCoverageIgnoreEnd
}
}
$response->setHeader('Location', $request->getUrl());
$response->setStatus(302);
return false;
}
/**
* Patch an uri
*
* The WebDAV patch request can be used to modify only a part of an
* existing resource. If the resource does not exist yet and the first
* offset is not 0, the request fails
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
function httpPatch(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
// Get the node. Will throw a 404 if not found
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof IFile && !$node instanceof IPatchSupport) {
throw new DAV\Exception\MethodNotAllowed('The target resource does not support the PATCH method.');
}
$range = $this->getHTTPUpdateRange($request);
if (!$range) {
throw new DAV\Exception\BadRequest('No valid "X-Update-Range" found in the headers');
}
$contentType = strtolower($request->getHeader('Content-Type'));
if ($contentType != 'application/x-sabredav-partialupdate') {
throw new DAV\Exception\UnsupportedMediaType('Unknown Content-Type header "' . $contentType . '"');
}
$len = $this->server->httpRequest->getHeader('Content-Length');
if (!$len) {
throw new DAV\Exception\LengthRequired('A Content-Length header is required');
}
switch ($range[0]) {
case self::RANGE_START:
// Calculate the end-range if it doesn't exist.
if (!$range[2]) {
$range[2] = $range[1] + $len - 1;
} else {
if ($range[2] < $range[1]) {
throw new DAV\Exception\RequestedRangeNotSatisfiable('The end offset (' . $range[2] . ') is lower than the start offset (' . $range[1] . ')');
}
if ($range[2] - $range[1] + 1 != $len) {
throw new DAV\Exception\RequestedRangeNotSatisfiable('Actual data length (' . $len . ') is not consistent with begin (' . $range[1] . ') and end (' . $range[2] . ') offsets');
}
}
break;
}
if (!$this->server->emit('beforeWriteContent', [$path, $node, null])) {
return;
}
$body = $this->server->httpRequest->getBody();
if ($node instanceof IPatchSupport) {
$etag = $node->patch($body, $range[0], isset($range[1]) ? $range[1] : null);
} else {
// The old interface
switch ($range[0]) {
case self::RANGE_APPEND:
throw new DAV\Exception\NotImplemented('This node does not support the append syntax. Please upgrade it to IPatchSupport');
case self::RANGE_START:
$etag = $node->putRange($body, $range[1]);
break;
case self::RANGE_END:
throw new DAV\Exception\NotImplemented('This node does not support the end-range syntax. Please upgrade it to IPatchSupport');
break;
}
}
$this->server->emit('afterWriteContent', [$path, $node]);
$response->setHeader('Content-Length', '0');
if ($etag) {
$response->setHeader('ETag', $etag);
}
$response->setStatus(204);
// Breaks the event chain
return false;
}
/**
* We intercept this to handle POST requests on calendars.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return null|bool
*/
function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
// Only handling xml
$contentType = $request->getHeader('Content-Type');
if (strpos($contentType, 'application/xml') === false && strpos($contentType, 'text/xml') === false) {
return;
}
// Making sure the node exists
try {
$node = $this->server->tree->getNodeForPath($path);
} catch (DAV\Exception\NotFound $e) {
return;
}
$requestBody = $request->getBodyAsString();
// If this request handler could not deal with this POST request, it
// will return 'null' and other plugins get a chance to handle the
// request.
//
// However, we already requested the full body. This is a problem,
// because a body can only be read once. This is why we preemptively
// re-populated the request body with the existing data.
$request->setBody($requestBody);
$message = $this->server->xml->parse($requestBody, $request->getUrl(), $documentType);
switch ($documentType) {
// Dealing with the 'share' document, which modified invitees on a
// calendar.
case '{' . Plugin::NS_CALENDARSERVER . '}share':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableCalendar) {
return;
}
$this->server->transactionType = 'post-calendar-share';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$node->updateShares($message->set, $message->remove);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
// The invite-reply document is sent when the user replies to an
// invitation of a calendar share.
// The invite-reply document is sent when the user replies to an
// invitation of a calendar share.
case '{' . Plugin::NS_CALENDARSERVER . '}invite-reply':
// This only works on the calendar-home-root node.
if (!$node instanceof CalendarHome) {
return;
}
$this->server->transactionType = 'post-invite-reply';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$url = $node->shareReply($message->href, $message->status, $message->calendarUri, $message->inReplyTo, $message->summary);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
if ($url) {
$writer = $this->server->xml->getWriter($this->server->getBaseUri());
$writer->openMemory();
$writer->startDocument();
$writer->startElement('{' . Plugin::NS_CALENDARSERVER . '}shared-as');
$writer->write(new Href($url));
$writer->endElement();
$response->setHeader('Content-Type', 'application/xml');
$response->setBody($writer->outputMemory());
}
// Breaking the event chain
return false;
case '{' . Plugin::NS_CALENDARSERVER . '}publish-calendar':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableCalendar) {
return;
}
$this->server->transactionType = 'post-publish-calendar';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$node->setPublishStatus(true);
// iCloud sends back the 202, so we will too.
$response->setStatus(202);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
case '{' . Plugin::NS_CALENDARSERVER . '}unpublish-calendar':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableCalendar) {
return;
}
$this->server->transactionType = 'post-unpublish-calendar';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$node->setPublishStatus(false);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
}
}
