} if (!$dav_resource->Exists() && !$dav_resource->HavePrivilegeTo('DAV::bind')) { $request->DoResponse(403); } if (!ini_get('open_basedir') && (isset($c->dbg['ALL']) || isset($c->dbg['put']) && $c->dbg['put'])) { $fh = fopen('/tmp/PUT.txt', 'w'); if ($fh) { fwrite($fh, $request->raw_post); fclose($fh); } } include_once 'caldav-PUT-functions.php'; controlRequestContainer($dav_resource->GetProperty('username'), $dav_resource->GetProperty('user_no'), $dav_resource->bound_from(), true); $lock_opener = $request->FailIfLocked(); if ($dav_resource->IsCollection()) { if ($dav_resource->IsPrincipal() || $dav_resource->IsBinding() || !isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections == true) { $request->DoResponse(405); // Method not allowed return; } $appending = isset($_GET['mode']) && $_GET['mode'] == 'append'; /** * CalDAV does not define the result of a PUT on a collection. We treat that * as an import. The code is in caldav-PUT-functions.php */ import_collection($request->raw_post, $request->user_no, $request->path, true, $appending); $request->DoResponse(200); return; } $etag = md5($request->raw_post); $ic = new iCalComponent($request->raw_post);
} function rollback($response_code = 412) { global $request; $qry = new AwlQuery('ROLLBACK'); $qry->Exec('move'); // Just in case $request->DoResponse($response_code); // And we don't return from that. } $qry = new AwlQuery('BEGIN'); if (!$qry->Exec('move')) { rollback(500); } $src_name = $src->dav_name(); $dst_name = $dest->IsBinding() ? $dest->bound_from() : $dest->dav_name(); $src_collection = $src->GetProperty('collection_id'); $dst_collection = $dest->GetProperty('collection_id'); $src_user_no = $src->GetProperty('user_no'); $dst_user_no = $dest->GetProperty('user_no'); $cache = getCacheInstance(); $cachekeys = array(); if ($src->IsCollection()) { $cachekeys[] = ($src->ContainerType() == 'principal' ? 'principal' : 'collection') . '-' . $src->parent_path(); $cachekeys[] = ($src->IsPrincipal() == 'principal' ? 'principal' : 'collection') . '-' . $src->dav_name(); $cachekeys[] = ($src->IsPrincipal() ? 'principal' : 'collection') . '-' . $dest->dav_name(); if ($dest->Exists()) { $qry = new AwlQuery('DELETE FROM collection WHERE dav_name = :dst_name', array(':dst_name' => $dst_name)); if (!$qry->Exec('move')) { rollback(500); }
$request->DoResponse(500, translate('Database Error')); } fetch_external($row->bind_id, ''); $request->DoResponse(201); } else { $request->DoResponse(500, translate('Database Error')); } } else { $source = new DAVResource($href); if (!$source->Exists()) { $request->PreconditionFailed(403, 'DAV::bind-source-exists', translate('The BIND Request MUST identify an existing resource.')); } if ($source->IsPrincipal() || !$source->IsCollection()) { $request->PreconditionFailed(403, 'DAV::binding-allowed', translate('DAViCal only allows BIND requests for collections at present.')); } if ($source->IsBinding()) { $source = new DAVResource($source->bound_from()); } /* bind_id INT8 DEFAULT nextval('dav_id_seq') PRIMARY KEY, bound_source_id INT8 REFERENCES collection(collection_id) ON UPDATE CASCADE ON DELETE CASCADE, access_ticket_id TEXT REFERENCES access_ticket(ticket_id) ON UPDATE CASCADE ON DELETE SET NULL, parent_container TEXT NOT NULL, dav_name TEXT UNIQUE NOT NULL, dav_displayname TEXT, external_url TEXT, type TEXT */ $sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname ) VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname )'; $params = array(':target_id' => $source->GetProperty('collection_id'), ':ticket_id' => isset($request->ticket) ? $request->ticket->id() : null, ':parent_container' => $parent->dav_name(), ':session_principal' => $session->principal_id, ':dav_name' => $destination_path, ':displayname' => $source->GetProperty('displayname'));
<?php /** * CalDAV Server - handle PROPPATCH method * * @package davical * @subpackage caldav * @author Andrew McMillan <*****@*****.**> * @copyright Morphoss Ltd - http://www.morphoss.com/ * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 */ dbg_error_log("PROPPATCH", "method handler"); require_once 'iCalendar.php'; require_once 'DAVResource.php'; $dav_resource = new DAVResource($request->path); if (!($dav_resource->HavePrivilegeTo('DAV::write-properties') || $dav_resource->IsBinding())) { $request->DoResponse(403); } $position = 0; $xmltree = BuildXMLTree($request->xml_tags, $position); // echo $xmltree->Render(); if ($xmltree->GetTag() != "DAV::propertyupdate") { $request->DoResponse(403); } /** * Find the properties being set, and the properties being removed */ $setprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::set/DAV::prop/*"); $rmprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::remove/DAV::prop/*"); /** * We build full status responses for failures. For success we just record
if ($qry->QDo("SELECT write_sync_change(collection_id, 404, caldav_data.dav_name) FROM caldav_data WHERE collection_id = :collection_id", $params) && $qry->QDo("DELETE FROM property WHERE dav_name LIKE (SELECT dav_name FROM collection WHERE collection_id = :collection_id) || '%'", $params) && $qry->QDo("DELETE FROM locks WHERE dav_name LIKE (SELECT dav_name FROM collection WHERE collection_id = :collection_id) || '%'", $params) && $qry->QDo("DELETE FROM caldav_data WHERE collection_id = :collection_id", $params) && $qry->QDo("DELETE FROM collection WHERE collection_id = :collection_id", $params)) { @dbg_error_log("DELETE", "DELETE (collection): User: %d, ETag: %s, Path: %s", $session->user_no, $request->etag_if_match, $request->path); return true; } return false; } if (!$dav_resource->Exists()) { $request->DoResponse(404); } if (!($dav_resource->resource_id() > 0)) { $request->DoResponse(403); } $qry = new AwlQuery(); $qry->Begin(); if ($dav_resource->IsCollection()) { if ($dav_resource->IsBinding()) { $params = array(':dav_name' => $dav_resource->dav_name()); if ($qry->QDo("DELETE FROM dav_binding WHERE dav_name = :dav_name", $params) && $qry->Commit()) { @dbg_error_log("DELETE", "DELETE: Binding: %d, ETag: %s, Path: %s", $session->user_no, $request->etag_if_match, $request->path); $request->DoResponse(204); } } else { if (delete_collection($dav_resource->resource_id()) && $qry->Commit()) { // Uncache anything to do with the collection $cache = getCacheInstance(); $cache->delete('collection-' . $dav_resource->dav_name(), null); $request->DoResponse(204); } } } else { if (isset($request->etag_if_match) && $request->etag_if_match != $dav_resource->unique_tag()) {
/** * CalDAV Server - handle PROPPATCH method * * @package davical * @subpackage caldav * @author Andrew McMillan <*****@*****.**> * @copyright Morphoss Ltd - http://www.morphoss.com/ * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 */ dbg_error_log("PROPPATCH", "method handler"); require_once 'vCalendar.php'; require_once 'DAVResource.php'; $dav_resource = new DAVResource($request->path); if (!$dav_resource->HavePrivilegeTo('DAV::write-properties')) { $parent = $dav_resource->GetParentContainer(); if (!$dav_resource->IsBinding() || !$parent->HavePrivilegeTo('DAV::write')) { $request->PreconditionFailed(403, 'DAV::write-properties', 'You do not have permission to write properties to that resource'); } } $position = 0; $xmltree = BuildXMLTree($request->xml_tags, $position); // echo $xmltree->Render(); if ($xmltree->GetNSTag() != "DAV::propertyupdate") { $request->PreconditionFailed(403, 'DAV::propertyupdate', 'XML request did not contain a <propertyupdate> tag'); } /** * Find the properties being set, and the properties being removed */ $setprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::set/DAV::prop/*"); $rmprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::remove/DAV::prop/*"); /**