if ($fh) {
fwrite($fh, $request->raw_post);
fclose($fh);
}
}
if (!isset($request->xml_tags)) {
$request->DoResponse(406, translate("REPORT body contains no XML data!"));
}
$position = 0;
$xmltree = BuildXMLTree($request->xml_tags, $position);
if (!is_object($xmltree)) {
$request->DoResponse(406, translate("REPORT body is not valid XML data!"));
}
$target = new DAVResource($request->path);
if ($xmltree->GetTag() != 'DAV::principal-property-search' && $xmltree->GetTag() != 'DAV::principal-property-search-set') {
$target->NeedPrivilege(array('DAV::read', 'urn:ietf:params:xml:ns:caldav:read-free-busy'), true);
// They may have either
}
require_once "iCalendar.php";
$reportnum = -1;
$report = array();
$denied = array();
$unsupported = array();
if (isset($prop_filter)) {
unset($prop_filter);
}
if ($xmltree->GetTag() == 'urn:ietf:params:xml:ns:caldav:free-busy-query') {
include "caldav-REPORT-freebusy.php";
exit;
// Not that the above include should return anyway
}
<?php
/**
* CalDAV Server - handle GET method
*
* @package davical
* @subpackage caldav
* @author Andrew McMillan <*****@*****.**>
* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log("get", "GET method handler");
require_once "iCalendar.php";
require_once "DAVResource.php";
$dav_resource = new DAVResource($request->path);
$dav_resource->NeedPrivilege(array('urn:ietf:params:xml:ns:caldav:read-free-busy', 'DAV::read'));
if (!$dav_resource->Exists()) {
$request->DoResponse(404, translate("Resource Not Found."));
}
function obfuscated_event($icalendar)
{
// The user is not admin / owner of this calendar looking at his calendar and can not admin the other cal,
// or maybe they don't have *read* access but they got here, so they must at least have free/busy access
// so we will present an obfuscated version of the event that just says "Busy" (translated :-)
$confidential = new iCalComponent();
$confidential->SetType($icalendar->GetType());
$confidential->AddProperty('SUMMARY', translate('Busy'));
$confidential->AddProperty('CLASS', 'CONFIDENTIAL');
$confidential->SetProperties($icalendar->GetProperties('DTSTART'), 'DTSTART');
$confidential->SetProperties($icalendar->GetProperties('RRULE'), 'RRULE');
$confidential->SetProperties($icalendar->GetProperties('DURATION'), 'DURATION');
}
/**
* Something that we can handle, at least roughly correctly.
*/
$responses = array();
if ($request->IsProxyRequest()) {
$response = add_proxy_response($request->proxy_type, $request->principal->dav_name());
if (isset($response)) {
$responses[] = $response;
}
} else {
$resource = new DAVResource($request->path);
if (!$resource->Exists()) {
$request->PreconditionFailed(404, 'must-exist', translate('That resource is not present on this server.'));
}
$resource->NeedPrivilege('DAV::read');
if ($resource->IsExternal()) {
require_once "external-fetch.php";
update_external($resource);
}
if ($resource->IsCollection()) {
dbg_error_log('PROPFIND', 'Getting collection contents: Depth %d, Path: %s', $request->depth, $resource->dav_name());
$responses[] = $resource->RenderAsXML($property_list, $reply);
if ($request->depth > 0) {
$responses = array_merge($responses, get_collection_contents($request->depth - 1, $resource));
}
} elseif ($request->HavePrivilegeTo('DAV::read', false)) {
$responses[] = $resource->RenderAsXML($property_list, $reply);
}
}
$xmldoc = $reply->Render('multistatus', $responses);
if (!$dest->Exists()) {
if ($container->IsPrincipal()) {
$request->PreconditionFailed(405, 'method-not-allowed', translate('A DAViCal principal collection may only contain collections'));
}
if (!$container->Exists()) {
$request->PreconditionFailed(409, 'collection-must-exist', translate('The destination collection does not exist'));
}
$container->NeedPrivilege('DAV::bind');
} else {
if ($dest->IsCollection()) {
if (!isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections) {
$request->PreconditionFailed(405, 'method-not-allowed', translate('You may not PUT to a collection URL'));
}
$request->DoResponse(403, translate('PUT on a collection is only allowed for text/calendar content against a calendar collection'));
}
$dest->NeedPrivilege('DAV::write-content');
}
if (isset($request->etag_none_match) && $request->etag_none_match != '*' && $dest->Exists()) {
$request->PreconditionFailed(412, 'if-none-match', translate('A resource already exists at the destination.'));
}
if (isset($request->etag_if_match) && $request->etag_if_match != $dest->unique_tag()) {
$request->PreconditionFailed(412, 'if-match', sprintf('Existing resource ETag of "%s" does not match "%s"', $dest->unique_tag(), $request->etag_if_match));
}
$collection_id = $container->GetProperty('collection_id');
$qry = new AwlQuery();
$qry->Begin();
$etag = md5($request->raw_post);
$params = array(':user_no' => $dest->GetProperty('user_no'), ':dav_name' => $dest->bound_from(), ':etag' => $etag, ':dav_data' => $request->raw_post, ':session_user' => $session->user_no);
if ($dest->Exists()) {
$sql = 'UPDATE caldav_data SET caldav_data=:dav_data, dav_etag=:etag, logged_user=:session_user,
modified=current_timestamp, user_no=:user_no, caldav_type=\'VCARD\' WHERE dav_name=:dav_name';
* server MUST NOT perform the requested method.
*/
$error = '';
if (isset($request->etag_if_match) && $request->etag_if_match != $src->unique_tag()) {
$error = translate('Existing resource does not match "If-Match" header - not accepted.');
} else {
if (isset($request->etag_none_match) && $request->etag_none_match != '' && $request->etag_none_match == $src->unique_tag()) {
$error = translate('Existing resource matches "If-None-Match" header - not accepted.');
}
}
if ($error != '') {
$request->DoResponse(412, $error);
}
}
}
$src->NeedPrivilege('DAV::unbind');
$dest->NeedPrivilege('DAV::write-content');
if (!$dest->Exists()) {
$dest->NeedPrivilege('DAV::bind');
}
function rollback($response_code = 412)
{
global $request;
$qry = new AwlQuery('ROLLBACK');
$qry->Exec('move');
// Just in case
$request->DoResponse($response_code);
// And we don't return from that.
}
$qry = new AwlQuery('BEGIN');
if (!$qry->Exec('move')) {
<?php
/**
* CalDAV Server - handle OPTIONS method
*
* @package davical
* @subpackage caldav
* @author Andrew McMillan <*****@*****.**>
* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log("OPTIONS", "method handler");
include_once 'DAVResource.php';
$resource = new DAVResource($request->path);
$resource->NeedPrivilege('DAV::read', true);
if (!$resource->Exists()) {
$request->DoResponse(404, translate("No collection found at that location."));
}
$allowed = implode(', ', array_keys($resource->FetchSupportedMethods()));
header('Allow: ' . $allowed);
$request->DoResponse(200, "");
resource. For example, a server where only authenticated principals
can access resources would not allow the DAV:all or
DAV:unauthenticated principals to be used in an ACE, since these
would allow unauthenticated access to resources.
*/
$position = 0;
$xmltree = BuildXMLTree($request->xml_tags, $position);
$aces = $xmltree->GetPath("/DAV::acl/*");
$grantor = new DAVResource($request->path);
if (!$grantor->Exists()) {
$request->DoResponse(404);
}
if (!$grantor->IsCollection()) {
$request->PreconditionFailed(403, 'not-supported-privilege', 'ACLs are only supported on Principals or Collections');
}
$grantor->NeedPrivilege('write-acl');
$cache_delete_list = array();
$qry = new AwlQuery('BEGIN');
$qry->Exec('ACL', __LINE__, __FILE__);
function process_ace($grantor, $by_principal, $by_collection, $ace)
{
global $cache_delete_list, $request;
$elements = $ace->GetContent();
$principal_node = $elements[0];
$grant = $elements[1];
if ($principal_node->GetNSTag() != 'DAV::principal') {
$request->MalformedRequest('ACL request must contain a principal, not ' . $principal->GetNSTag());
}
$grant_tag = $grant->GetNSTag();
if ($grant_tag == 'DAV::deny') {
$request->PreconditionFailed(403, 'grant-only');
<?php
/**
* CalDAV Server - handle OPTIONS method
*
* @package davical
* @subpackage caldav
* @author Andrew McMillan <*****@*****.**>
* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log("OPTIONS", "method handler");
include_once 'DAVResource.php';
$resource = new DAVResource($request->path);
/**
* The spec calls for this to be controlled by 'read' access, but we expand
* that a little to also allow read-current-user-privilege-set since we grant that
* more generally and Mozilla attempts this and gets upset...
*/
$resource->NeedPrivilege(array('DAV::read', 'DAV::read-current-user-privilege-set'), true);
if (!$resource->Exists()) {
$request->DoResponse(404, translate("No collection found at that location."));
}
$allowed = implode(', ', array_keys($resource->FetchSupportedMethods()));
header('Allow: ' . $allowed);
$request->DoResponse(200, "");
