Esempio n. 1
0
 function post()
 {
     if (!local_channel() || get_pconfig(local_channel(), 'cdav', 'enabled') != 1) {
         return;
     }
     $channel = \App::get_channel();
     $principalUri = 'principals/' . $channel['channel_address'];
     if (!cdav_principal($principalUri)) {
         return;
     }
     if (\DBA::$dba && \DBA::$dba->connected) {
         $pdovars = \DBA::$dba->pdo_get();
     } else {
         killme();
     }
     $pdo = new \PDO($pdovars[0], $pdovars[1], $pdovars[2]);
     $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
     require_once 'vendor/autoload.php';
     if (argc() == 2 && argv(1) === 'calendar') {
         $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo);
         $calendars = $caldavBackend->getCalendarsForUser($principalUri);
         //create new calendar
         if ($_REQUEST['{DAV:}displayname'] && $_REQUEST['create']) {
             do {
                 $duplicate = false;
                 $calendarUri = random_string(40);
                 $r = q("SELECT uri FROM calendarinstances WHERE principaluri = '%s' AND uri = '%s' LIMIT 1", dbesc($principalUri), dbesc($calendarUri));
                 if (count($r)) {
                     $duplicate = true;
                 }
             } while ($duplicate == true);
             $properties = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname'], '{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color'], '{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name']];
             $id = $caldavBackend->createCalendar($principalUri, $calendarUri, $properties);
             // set new calendar to be visible
             set_pconfig(local_channel(), 'cdav_calendar', $id[0], 1);
         }
         //create new calendar object via ajax request
         if ($_REQUEST['submit'] === 'create_event' && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) {
             $id = explode(':', $_REQUEST['target']);
             if (!cdav_perms($id[0], $calendars, true)) {
                 return;
             }
             $title = $_REQUEST['title'];
             $dtstart = new \DateTime($_REQUEST['dtstart']);
             if ($_REQUEST['dtend']) {
                 $dtend = new \DateTime($_REQUEST['dtend']);
             }
             $description = $_REQUEST['description'];
             $location = $_REQUEST['location'];
             do {
                 $duplicate = false;
                 $objectUri = random_string(40) . '.ics';
                 $r = q("SELECT uri FROM calendarobjects WHERE calendarid = %s AND uri = '%s' LIMIT 1", intval($id[0]), dbesc($objectUri));
                 if (count($r)) {
                     $duplicate = true;
                 }
             } while ($duplicate == true);
             $vcalendar = new \Sabre\VObject\Component\VCalendar(['VEVENT' => ['SUMMARY' => $title, 'DTSTART' => $dtstart]]);
             if ($dtend) {
                 $vcalendar->VEVENT->add('DTEND', $dtend);
             }
             if ($description) {
                 $vcalendar->VEVENT->add('DESCRIPTION', $description);
             }
             if ($location) {
                 $vcalendar->VEVENT->add('LOCATION', $location);
             }
             $calendarData = $vcalendar->serialize();
             $caldavBackend->createCalendarObject($id, $objectUri, $calendarData);
             killme();
         }
         //edit calendar name and color
         if ($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) {
             $id = explode(':', $_REQUEST['id']);
             if (!cdav_perms($id[0], $calendars)) {
                 return;
             }
             $mutations = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname'], '{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color']];
             $patch = new \Sabre\DAV\PropPatch($mutations);
             $caldavBackend->updateCalendar($id, $patch);
             $patch->commit();
         }
         //edit calendar object via ajax request
         if ($_REQUEST['submit'] === 'update_event' && $_REQUEST['uri'] && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) {
             $id = explode(':', $_REQUEST['target']);
             if (!cdav_perms($id[0], $calendars, true)) {
                 return;
             }
             $uri = $_REQUEST['uri'];
             $title = $_REQUEST['title'];
             $dtstart = new \DateTime($_REQUEST['dtstart']);
             $dtend = $_REQUEST['dtend'] ? new \DateTime($_REQUEST['dtend']) : '';
             $description = $_REQUEST['description'];
             $location = $_REQUEST['location'];
             $object = $caldavBackend->getCalendarObject($id, $uri);
             $vcalendar = \Sabre\VObject\Reader::read($object['calendardata']);
             if ($title) {
                 $vcalendar->VEVENT->SUMMARY = $title;
             }
             if ($dtstart) {
                 $vcalendar->VEVENT->DTSTART = $dtstart;
             }
             if ($dtend) {
                 $vcalendar->VEVENT->DTEND = $dtend;
             } else {
                 unset($vcalendar->VEVENT->DTEND);
             }
             if ($description) {
                 $vcalendar->VEVENT->DESCRIPTION = $description;
             }
             if ($location) {
                 $vcalendar->VEVENT->LOCATION = $location;
             }
             $calendarData = $vcalendar->serialize();
             $caldavBackend->updateCalendarObject($id, $uri, $calendarData);
             killme();
         }
         //delete calendar object via ajax request
         if ($_REQUEST['delete'] && $_REQUEST['uri'] && $_REQUEST['target']) {
             $id = explode(':', $_REQUEST['target']);
             if (!cdav_perms($id[0], $calendars, true)) {
                 return;
             }
             $uri = $_REQUEST['uri'];
             $caldavBackend->deleteCalendarObject($id, $uri);
             killme();
         }
         //edit calendar object date/timeme via ajax request (drag and drop)
         if ($_REQUEST['update'] && $_REQUEST['id'] && $_REQUEST['uri']) {
             $id = [$_REQUEST['id'][0], $_REQUEST['id'][1]];
             if (!cdav_perms($id[0], $calendars, true)) {
                 return;
             }
             $uri = $_REQUEST['uri'];
             $dtstart = new \DateTime($_REQUEST['dtstart']);
             $dtend = $_REQUEST['dtend'] ? new \DateTime($_REQUEST['dtend']) : '';
             $object = $caldavBackend->getCalendarObject($id, $uri);
             $vcalendar = \Sabre\VObject\Reader::read($object['calendardata']);
             if ($dtstart) {
                 $vcalendar->VEVENT->DTSTART = $dtstart;
             }
             if ($dtend) {
                 $vcalendar->VEVENT->DTEND = $dtend;
             } else {
                 unset($vcalendar->VEVENT->DTEND);
             }
             $calendarData = $vcalendar->serialize();
             $caldavBackend->updateCalendarObject($id, $uri, $calendarData);
             killme();
         }
         //share a calendar - this only works on local system (with channels on the same server)
         if ($_REQUEST['sharee'] && $_REQUEST['share']) {
             $id = [intval($_REQUEST['calendarid']), intval($_REQUEST['instanceid'])];
             if (!cdav_perms($id[0], $calendars)) {
                 return;
             }
             $hash = $_REQUEST['sharee'];
             $sharee_arr = channelx_by_hash($hash);
             $sharee = new \Sabre\DAV\Xml\Element\Sharee();
             $sharee->href = 'mailto:' . $sharee_arr['channel_hash'];
             $sharee->principal = 'principals/' . $sharee_arr['channel_address'];
             $sharee->access = intval($_REQUEST['access']);
             $sharee->properties = ['{DAV:}displayname' => $channel['channel_name']];
             $caldavBackend->updateInvites($id, [$sharee]);
         }
     }
     if (argc() >= 2 && argv(1) === 'addressbook') {
         $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo);
         $addressbooks = $carddavBackend->getAddressBooksForUser($principalUri);
         //create new addressbook
         if ($_REQUEST['{DAV:}displayname'] && $_REQUEST['create']) {
             do {
                 $duplicate = false;
                 $addressbookUri = random_string(20);
                 $r = q("SELECT uri FROM addressbooks WHERE principaluri = '%s' AND uri = '%s' LIMIT 1", dbesc($principalUri), dbesc($addressbookUri));
                 if (count($r)) {
                     $duplicate = true;
                 }
             } while ($duplicate == true);
             $properties = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname']];
             $carddavBackend->createAddressBook($principalUri, $addressbookUri, $properties);
         }
         //edit addressbook
         if ($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && intval($_REQUEST['id'])) {
             $id = $_REQUEST['id'];
             if (!cdav_perms($id, $addressbooks)) {
                 return;
             }
             $mutations = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname']];
             $patch = new \Sabre\DAV\PropPatch($mutations);
             $carddavBackend->updateAddressBook($id, $patch);
             $patch->commit();
         }
         //create addressbook card
         if ($_REQUEST['create'] && $_REQUEST['target'] && $_REQUEST['fn']) {
             $id = $_REQUEST['target'];
             do {
                 $duplicate = false;
                 $uri = random_string(40) . '.vcf';
                 $r = q("SELECT uri FROM cards WHERE addressbookid = %s AND uri = '%s' LIMIT 1", intval($id), dbesc($uri));
                 if (count($r)) {
                     $duplicate = true;
                 }
             } while ($duplicate == true);
             //TODO: this mostly duplictes the procedure in update addressbook card. should move this part to a function to avoid duplication
             $fn = $_REQUEST['fn'];
             $vcard = new \Sabre\VObject\Component\VCard(['FN' => $fn, 'N' => array_reverse(explode(' ', $fn))]);
             $org = $_REQUEST['org'];
             if ($org) {
                 $vcard->ORG = $org;
             }
             $title = $_REQUEST['title'];
             if ($title) {
                 $vcard->TITLE = $title;
             }
             $tel = $_REQUEST['tel'];
             $tel_type = $_REQUEST['tel_type'];
             if ($tel) {
                 $i = 0;
                 foreach ($tel as $item) {
                     if ($item) {
                         $vcard->add('TEL', $item, ['type' => $tel_type[$i]]);
                     }
                     $i++;
                 }
             }
             $email = $_REQUEST['email'];
             $email_type = $_REQUEST['email_type'];
             if ($email) {
                 $i = 0;
                 foreach ($email as $item) {
                     if ($item) {
                         $vcard->add('EMAIL', $item, ['type' => $email_type[$i]]);
                     }
                     $i++;
                 }
             }
             $impp = $_REQUEST['impp'];
             $impp_type = $_REQUEST['impp_type'];
             if ($impp) {
                 $i = 0;
                 foreach ($impp as $item) {
                     if ($item) {
                         $vcard->add('IMPP', $item, ['type' => $impp_type[$i]]);
                     }
                     $i++;
                 }
             }
             $url = $_REQUEST['url'];
             $url_type = $_REQUEST['url_type'];
             if ($url) {
                 $i = 0;
                 foreach ($url as $item) {
                     if ($item) {
                         $vcard->add('URL', $item, ['type' => $url_type[$i]]);
                     }
                     $i++;
                 }
             }
             $adr = $_REQUEST['adr'];
             $adr_type = $_REQUEST['adr_type'];
             if ($adr) {
                 $i = 0;
                 foreach ($adr as $item) {
                     if ($item) {
                         $vcard->add('ADR', $item, ['type' => $adr_type[$i]]);
                     }
                     $i++;
                 }
             }
             $note = $_REQUEST['note'];
             if ($note) {
                 $vcard->NOTE = $note;
             }
             $cardData = $vcard->serialize();
             $carddavBackend->createCard($id, $uri, $cardData);
         }
         //edit addressbook card
         if ($_REQUEST['update'] && $_REQUEST['uri'] && $_REQUEST['target']) {
             $id = $_REQUEST['target'];
             if (!cdav_perms($id, $addressbooks)) {
                 return;
             }
             $uri = $_REQUEST['uri'];
             $object = $carddavBackend->getCard($id, $uri);
             $vcard = \Sabre\VObject\Reader::read($object['carddata']);
             $fn = $_REQUEST['fn'];
             if ($fn) {
                 $vcard->FN = $fn;
                 $vcard->N = array_reverse(explode(' ', $fn));
             }
             $org = $_REQUEST['org'];
             if ($org) {
                 $vcard->ORG = $org;
             } else {
                 unset($vcard->ORG);
             }
             $title = $_REQUEST['title'];
             if ($title) {
                 $vcard->TITLE = $title;
             } else {
                 unset($vcard->TITLE);
             }
             $tel = $_REQUEST['tel'];
             $tel_type = $_REQUEST['tel_type'];
             if ($tel) {
                 $i = 0;
                 unset($vcard->TEL);
                 foreach ($tel as $item) {
                     if ($item) {
                         $vcard->add('TEL', $item, ['type' => $tel_type[$i]]);
                     }
                     $i++;
                 }
             } else {
                 unset($vcard->TEL);
             }
             $email = $_REQUEST['email'];
             $email_type = $_REQUEST['email_type'];
             if ($email) {
                 $i = 0;
                 unset($vcard->EMAIL);
                 foreach ($email as $item) {
                     if ($item) {
                         $vcard->add('EMAIL', $item, ['type' => $email_type[$i]]);
                     }
                     $i++;
                 }
             } else {
                 unset($vcard->EMAIL);
             }
             $impp = $_REQUEST['impp'];
             $impp_type = $_REQUEST['impp_type'];
             if ($impp) {
                 $i = 0;
                 unset($vcard->IMPP);
                 foreach ($impp as $item) {
                     if ($item) {
                         $vcard->add('IMPP', $item, ['type' => $impp_type[$i]]);
                     }
                     $i++;
                 }
             } else {
                 unset($vcard->IMPP);
             }
             $url = $_REQUEST['url'];
             $url_type = $_REQUEST['url_type'];
             if ($url) {
                 $i = 0;
                 unset($vcard->URL);
                 foreach ($url as $item) {
                     if ($item) {
                         $vcard->add('URL', $item, ['type' => $url_type[$i]]);
                     }
                     $i++;
                 }
             } else {
                 unset($vcard->URL);
             }
             $adr = $_REQUEST['adr'];
             $adr_type = $_REQUEST['adr_type'];
             if ($adr) {
                 $i = 0;
                 unset($vcard->ADR);
                 foreach ($adr as $item) {
                     if ($item) {
                         $vcard->add('ADR', $item, ['type' => $adr_type[$i]]);
                     }
                     $i++;
                 }
             } else {
                 unset($vcard->ADR);
             }
             $note = $_REQUEST['note'];
             if ($note) {
                 $vcard->NOTE = $note;
             } else {
                 unset($vcard->NOTE);
             }
             $cardData = $vcard->serialize();
             $carddavBackend->updateCard($id, $uri, $cardData);
         }
         //delete addressbook card
         if ($_REQUEST['delete'] && $_REQUEST['uri'] && $_REQUEST['target']) {
             $id = $_REQUEST['target'];
             if (!cdav_perms($id, $addressbooks)) {
                 return;
             }
             $uri = $_REQUEST['uri'];
             $carddavBackend->deleteCard($id, $uri);
         }
     }
     //Import calendar or addressbook
     if ($_FILES && array_key_exists('userfile', $_FILES) && intval($_FILES['userfile']['size']) && $_REQUEST['target']) {
         $src = @file_get_contents($_FILES['userfile']['tmp_name']);
         if ($src) {
             if ($_REQUEST['c_upload']) {
                 $id = explode(':', $_REQUEST['target']);
                 $ext = 'ics';
                 $table = 'calendarobjects';
                 $column = 'calendarid';
                 $objects = new \Sabre\VObject\Splitter\ICalendar($src);
                 $profile = \Sabre\VObject\Node::PROFILE_CALDAV;
                 $backend = new \Sabre\CalDAV\Backend\PDO($pdo);
             }
             if ($_REQUEST['a_upload']) {
                 $id[] = intval($_REQUEST['target']);
                 $ext = 'vcf';
                 $table = 'cards';
                 $column = 'addressbookid';
                 $objects = new \Sabre\VObject\Splitter\VCard($src);
                 $profile = \Sabre\VObject\Node::PROFILE_CARDDAV;
                 $backend = new \Sabre\CardDAV\Backend\PDO($pdo);
             }
             while ($object = $objects->getNext()) {
                 if ($_REQUEST['a_upload']) {
                     $object = $object->convert(\Sabre\VObject\Document::VCARD40);
                 }
                 $ret = $object->validate($profile & \Sabre\VObject\Node::REPAIR);
                 //level 3 Means that the document is invalid,
                 //level 2 means a warning. A warning means it's valid but it could cause interopability issues,
                 //level 1 means that there was a problem earlier, but the problem was automatically repaired.
                 if ($ret[0]['level'] < 3) {
                     do {
                         $duplicate = false;
                         $objectUri = random_string(40) . '.' . $ext;
                         $r = q("SELECT uri FROM {$table} WHERE {$column} = %d AND uri = '%s' LIMIT 1", dbesc($id[0]), dbesc($objectUri));
                         if (count($r)) {
                             $duplicate = true;
                         }
                     } while ($duplicate == true);
                     if ($_REQUEST['c_upload']) {
                         $backend->createCalendarObject($id, $objectUri, $object->serialize());
                     }
                     if ($_REQUEST['a_upload']) {
                         $backend->createCard($id[0], $objectUri, $object->serialize());
                     }
                 } else {
                     if ($_REQUEST['c_upload']) {
                         notice('<strong>' . t('INVALID EVENT DISMISSED!') . '</strong>' . EOL . '<strong>' . t('Summary: ') . '</strong>' . ($object->VEVENT->SUMMARY ? $object->VEVENT->SUMMARY : t('Unknown')) . EOL . '<strong>' . t('Date: ') . '</strong>' . ($object->VEVENT->DTSTART ? $object->VEVENT->DTSTART : t('Unknown')) . EOL . '<strong>' . t('Reason: ') . '</strong>' . $ret[0]['message'] . EOL);
                     }
                     if ($_REQUEST['a_upload']) {
                         notice('<strong>' . t('INVALID CARD DISMISSED!') . '</strong>' . EOL . '<strong>' . t('Name: ') . '</strong>' . ($object->FN ? $object->FN : t('Unknown')) . EOL . '<strong>' . t('Reason: ') . '</strong>' . $ret[0]['message'] . EOL);
                     }
                 }
             }
         }
         @unlink($src);
     }
 }