if ($fh) { fwrite($fh, $request->raw_post); fclose($fh); } } if (!isset($request->xml_tags)) { $request->DoResponse(406, translate("REPORT body contains no XML data!")); } $position = 0; $xmltree = BuildXMLTree($request->xml_tags, $position); if (!is_object($xmltree)) { $request->DoResponse(406, translate("REPORT body is not valid XML data!")); } $target = new DAVResource($request->path); if ($xmltree->GetTag() != 'DAV::principal-property-search' && $xmltree->GetTag() != 'DAV::principal-property-search-set') { $target->NeedPrivilege(array('DAV::read', 'urn:ietf:params:xml:ns:caldav:read-free-busy'), true); // They may have either } require_once "iCalendar.php"; $reportnum = -1; $report = array(); $denied = array(); $unsupported = array(); if (isset($prop_filter)) { unset($prop_filter); } if ($xmltree->GetTag() == 'urn:ietf:params:xml:ns:caldav:free-busy-query') { include "caldav-REPORT-freebusy.php"; exit; // Not that the above include should return anyway }
<?php
/**
* CalDAV Server - handle GET method
*
* @package   davical
* @subpackage   caldav
* @author    Andrew McMillan <*****@*****.**>
* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log('get', 'GET method handler');

require_once 'iCalendar.php';
require_once 'DAVResource.php';

// Authorisation is requested before the existence test, so the 404 below is
// only reached once NeedPrivilege() has let the request through.
// NOTE(review): presumably NeedPrivilege() ends the request when the check
// fails - confirm, since the ordering only protects against existence probing
// if it does.
// NOTE(review): no explicit "any" flag is passed with the two privileges; the
// comment inside obfuscated_event() implies that free/busy access alone is
// meant to be enough - confirm NeedPrivilege()'s default for a list.
$dav_resource = new DAVResource($request->path);
$dav_resource->NeedPrivilege(array('urn:ietf:params:xml:ns:caldav:read-free-busy', 'DAV::read'));
if (!$dav_resource->Exists()) {
    $request->DoResponse(404, translate('Resource Not Found.'));
}

/**
* Start building a reduced copy of an event for callers who may only see
* free/busy information.
*
* The copy is a fresh iCalComponent of the same type as the input. Its SUMMARY
* is the translated word "Busy", its CLASS is CONFIDENTIAL, and the only values
* carried over from the input in the visible part of the function are DTSTART,
* RRULE and DURATION.
*
* @param object $icalendar Source component; GetType() and GetProperties() are
*                          the only methods used on it here.
*/
function obfuscated_event($icalendar) {
    // Reached when the requester is neither admin nor owner of the calendar, or
    // holds no *read* privilege at all; having passed the check at the top of
    // this file they hold at least free/busy access, so they get a placeholder
    // that only says "Busy" (translated).
    $confidential = new iCalComponent();
    $confidential->SetType($icalendar->GetType());
    $confidential->AddProperty('SUMMARY', translate('Busy'));
    $confidential->AddProperty('CLASS', 'CONFIDENTIAL');

    // Timing information is the only thing copied across; nothing descriptive
    // from the original event is read in this part of the function.
    foreach (array('DTSTART', 'RRULE', 'DURATION') as $copied_property) {
        $confidential->SetProperties($icalendar->GetProperties($copied_property), $copied_property);
    }
}

/**
* Something that we can handle, at least roughly correctly.
*
* Collects the response elements for this request in $responses and renders
* them as a 'multistatus' document through $reply->Render().
*/
$responses = array();
if ($request->IsProxyRequest()) {
    // Proxy requests are answered by add_proxy_response(); an element is only
    // appended when that call produced a non-null value.
    // NOTE(review): no NeedPrivilege() call is visible on this branch - confirm
    // that access to proxy information is authorised inside
    // add_proxy_response() or earlier in the file.
    $response = add_proxy_response($request->proxy_type, $request->principal->dav_name());
    if (isset($response)) {
        $responses[] = $response;
    }
} else {
    $resource = new DAVResource($request->path);
    // NOTE(review): the existence test comes before the privilege check here,
    // so the 404 'must-exist' answer is produced without consulting the
    // caller's privileges. If NeedPrivilege() rejects with a different status,
    // an unauthorised caller can tell existing paths from missing ones -
    // confirm that this is acceptable for the deployment.
    if (!$resource->Exists()) {
        $request->PreconditionFailed(404, 'must-exist', translate('That resource is not present on this server.'));
    }
    $resource->NeedPrivilege('DAV::read');
    // External resources are refreshed only after the read check has passed;
    // the fetch code is loaded on demand.
    if ($resource->IsExternal()) {
        require_once "external-fetch.php";
        update_external($resource);
    }
    if ($resource->IsCollection()) {
        dbg_error_log('PROPFIND', 'Getting collection contents: Depth %d, Path: %s', $request->depth, $resource->dav_name());
        // The collection itself is always reported; its members are added only
        // for a depth above zero, with the depth reduced by one for the call.
        // NOTE(review): per-member privilege filtering is not visible here -
        // presumably done inside get_collection_contents(); confirm.
        $responses[] = $resource->RenderAsXML($property_list, $reply);
        if ($request->depth > 0) {
            $responses = array_merge($responses, get_collection_contents($request->depth - 1, $resource));
        }
    } elseif ($request->HavePrivilegeTo('DAV::read', false)) {
        // Non-collection resource: this second read test is asked of $request,
        // not of $resource. NOTE(review): the meaning of the `false` argument
        // is not visible in this excerpt.
        $responses[] = $resource->RenderAsXML($property_list, $reply);
    }
}
$xmldoc = $reply->Render('multistatus', $responses);
// Authorisation depends on whether the PUT creates or replaces a resource:
// creating needs DAV::bind on the containing collection, replacing needs
// DAV::write-content on the destination itself.
if (!$dest->Exists()) {
    // New resource: refuse when the container is a principal (405) or does not
    // exist (409) before asking for the bind privilege on it.
    if ($container->IsPrincipal()) {
        $request->PreconditionFailed(405, 'method-not-allowed', translate('A DAViCal principal collection may only contain collections'));
    }
    if (!$container->Exists()) {
        $request->PreconditionFailed(409, 'collection-must-exist', translate('The destination collection does not exist'));
    }
    $container->NeedPrivilege('DAV::bind');
} else {
    if ($dest->IsCollection()) {
        // PUT aimed at a collection URL: 405 when $c->readonly_webdav_collections
        // is unset or truthy, otherwise the 403 below.
        // NOTE(review): both answers are issued before any NeedPrivilege() call
        // on this path - confirm both calls end the request.
        if (!isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections) {
            $request->PreconditionFailed(405, 'method-not-allowed', translate('You may not PUT to a collection URL'));
        }
        $request->DoResponse(403, translate('PUT on a collection is only allowed for text/calendar content against a calendar collection'));
    }
    $dest->NeedPrivilege('DAV::write-content');
}
// Conditional-request handling; both tests answer 412 on failure.
// NOTE(review): with an If-None-Match value of '*' and an existing destination
// this first condition is false, so no 412 is raised here - confirm that this
// is the intended reading of the header.
if (isset($request->etag_none_match) && $request->etag_none_match != '*' && $dest->Exists()) {
    $request->PreconditionFailed(412, 'if-none-match', translate('A resource already exists at the destination.'));
}
// NOTE(review): the tags are compared with loose `!=`. PHP compares two
// numeric-looking strings as numbers, so distinct tags can compare equal;
// consider `!==` once the operand types are confirmed.
// NOTE(review): the client-supplied If-Match value is copied into the error
// text - confirm PreconditionFailed() escapes it for the response format.
if (isset($request->etag_if_match) && $request->etag_if_match != $dest->unique_tag()) {
    $request->PreconditionFailed(412, 'if-match', sprintf('Existing resource ETag of "%s" does not match "%s"', $dest->unique_tag(), $request->etag_if_match));
}
$collection_id = $container->GetProperty('collection_id');
$qry = new AwlQuery();
$qry->Begin();
// The new ETag is the MD5 of the raw request body. It is stored as dav_etag and
// serves as a change marker; it gives no integrity or authenticity guarantee.
$etag = md5($request->raw_post);
// Every request-derived value reaches the SQL through a named placeholder;
// none is concatenated into the statement text.
$params = array(
    ':user_no' => $dest->GetProperty('user_no'),
    ':dav_name' => $dest->bound_from(),
    ':etag' => $etag,
    ':dav_data' => $request->raw_post,
    ':session_user' => $session->user_no
);
if ($dest->Exists()) {
    // Replace the stored body; the only literal in the statement is the fixed
    // resource type 'VCARD'.
    $sql = 'UPDATE caldav_data SET caldav_data=:dav_data, dav_etag=:etag, logged_user=:session_user, modified=current_timestamp, user_no=:user_no, caldav_type=\'VCARD\' WHERE dav_name=:dav_name';
* server MUST NOT perform the requested method.
*/
        // Evaluate the ETag preconditions against the source resource. At most
        // one message is set, and any message ends the request with a 412.
        // NOTE(review): the tags are compared with loose `!=` / `==`. PHP
        // compares two numeric-looking strings as numbers, so distinct tags can
        // compare equal; consider strict operators once types are confirmed.
        $error = '';
        if (isset($request->etag_if_match) && $request->etag_if_match != $src->unique_tag()) {
            $error = translate('Existing resource does not match "If-Match" header - not accepted.');
        } elseif (isset($request->etag_none_match) && $request->etag_none_match != '' && $request->etag_none_match == $src->unique_tag()) {
            $error = translate('Existing resource matches "If-None-Match" header - not accepted.');
        }
        if ($error != '') {
            $request->DoResponse(412, $error);
        }
    }
}

// Privileges for the move: unbind on the source, write-content on the
// destination, and additionally bind on the destination when it does not exist
// yet. All of them are requested before the transaction is opened.
// NOTE(review): the ETag preconditions above run before these checks, so a 412
// can be sent to a caller who has not yet been authorised for the source -
// confirm an earlier check outside this excerpt covers that.
$src->NeedPrivilege('DAV::unbind');
$dest->NeedPrivilege('DAV::write-content');
if (!$dest->Exists()) {
    $dest->NeedPrivilege('DAV::bind');
}

/**
* Abandon the current transaction and finish the request.
*
* Issues a ROLLBACK through a new AwlQuery, then hands the status code to
* $request->DoResponse().
*
* @param int $response_code HTTP status sent to the client (default 412).
*/
function rollback($response_code = 412) {
    global $request;

    // The outcome of the ROLLBACK is not inspected; it is a precaution.
    $rollback_query = new AwlQuery('ROLLBACK');
    $rollback_query->Exec('move');

    // Per the original author's comment, DoResponse() does not return.
    $request->DoResponse($response_code);
}

$qry = new AwlQuery('BEGIN');
if (!$qry->Exec('move')) {
<?php
/**
* CalDAV Server - handle OPTIONS method
*
* @package   davical
* @subpackage   caldav
* @author    Andrew McMillan <*****@*****.**>
* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log('OPTIONS', 'method handler');

include_once 'DAVResource.php';

// The privilege check precedes the existence test, so the 404 below is only
// reached once NeedPrivilege() has let the request through.
// NOTE(review): presumably NeedPrivilege() ends the request on failure, and the
// second argument `true` selects "any of the listed privileges" - confirm both
// against DAVResource::NeedPrivilege().
$resource = new DAVResource($request->path);
$resource->NeedPrivilege('DAV::read', true);
if (!$resource->Exists()) {
    $request->DoResponse(404, translate('No collection found at that location.'));
}

// The Allow header is built from the keys returned by FetchSupportedMethods().
// NOTE(review): presumably a server-side list - confirm that nothing taken from
// the request can appear as a key, since the value is sent unescaped.
$allowed = implode(', ', array_keys($resource->FetchSupportedMethods()));
header("Allow: {$allowed}");

$request->DoResponse(200, '');
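resource. For example, a server where only authenticated principals
can access resources would not allow the DAV:all or
DAV:unauthenticated principals to be used in an ACE, since these
would allow unauthenticated access to resources.
*/

// Parse the request body into a tree and collect the children of DAV::acl.
$position = 0;
$xmltree = BuildXMLTree($request->xml_tags, $position);
// BuildXMLTree() can hand back a non-object for a body that is not valid XML;
// reject that here instead of failing on the method call below.
if (!is_object($xmltree)) {
    $request->MalformedRequest('ACL request body is not valid XML');
}
$aces = $xmltree->GetPath("/DAV::acl/*");

// The target must exist (404) and be a collection (403) before the caller is
// asked for the privilege to change its ACL.
$grantor = new DAVResource($request->path);
if (!$grantor->Exists()) {
    $request->DoResponse(404);
}
if (!$grantor->IsCollection()) {
    $request->PreconditionFailed(403, 'not-supported-privilege', 'ACLs are only supported on Principals or Collections');
}
// NOTE(review): the privilege is named without a 'DAV::' prefix - confirm that
// NeedPrivilege() resolves 'write-acl' to the DAV write-acl privilege.
// NOTE(review): the 404 and 403 above are sent before this check, so they are
// visible to callers without write-acl - confirm that is acceptable.
$grantor->NeedPrivilege('write-acl');

$cache_delete_list = array();

// Open the transaction that the ACL changes run in.
$qry = new AwlQuery('BEGIN');
$qry->Exec('ACL', __LINE__, __FILE__);

/**
* Process one ACE element of the ACL request.
*
* Only the start of the function is visible in this excerpt: it takes the
* first child of the ACE as the principal and the second as the grant, rejects
* an ACE whose first child is not DAV::principal, and refuses DAV::deny with a
* 403 'grant-only' precondition.
*
* @param object $grantor       Resource whose ACL is being changed.
* @param mixed  $by_principal  Not used in the visible part of the function.
* @param mixed  $by_collection Not used in the visible part of the function.
* @param object $ace           ACE element; GetContent() supplies its children.
*/
function process_ace($grantor, $by_principal, $by_collection, $ace) {
    global $cache_delete_list, $request;

    // NOTE(review): the two children are taken by position without a count
    // check, so an ACE with fewer than two children fails on the method calls
    // below rather than with a malformed-request answer.
    $elements = $ace->GetContent();
    $principal_node = $elements[0];
    $grant = $elements[1];
    if ($principal_node->GetNSTag() != 'DAV::principal') {
        // The message names the tag that was received. It reads
        // $principal_node because this function defines no $principal.
        $request->MalformedRequest('ACL request must contain a principal, not ' . $principal_node->GetNSTag());
    }
    $grant_tag = $grant->GetNSTag();
    if ($grant_tag == 'DAV::deny') {
        $request->PreconditionFailed(403, 'grant-only');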
<?php
/**
* CalDAV Server - handle OPTIONS method
*
* @package   davical
* @subpackage   caldav
* @author    Andrew McMillan <*****@*****.**>
* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log('OPTIONS', 'method handler');

include_once 'DAVResource.php';

$resource = new DAVResource($request->path);

/**
* By the spec OPTIONS is governed by 'read' access. This handler is slightly
* more permissive and also accepts read-current-user-privilege-set, because
* that privilege is granted more widely and Mozilla issues this request and
* handles a refusal badly.
*
* Trade-off: a caller holding only read-current-user-privilege-set can learn
* which methods the resource supports.
* NOTE(review): presumably the second argument `true` means "either privilege
* is enough" and NeedPrivilege() ends the request on failure - confirm both.
*/
$resource->NeedPrivilege(array('DAV::read', 'DAV::read-current-user-privilege-set'), true);

// The existence test follows the privilege check, so the 404 is only reached
// by requests that NeedPrivilege() has let through.
if (!$resource->Exists()) {
    $request->DoResponse(404, translate('No collection found at that location.'));
}

// The Allow header is built from the keys returned by FetchSupportedMethods().
// NOTE(review): presumably a server-side list - confirm that nothing taken from
// the request can appear as a key, since the value is sent unescaped.
$allowed = implode(', ', array_keys($resource->FetchSupportedMethods()));
header("Allow: {$allowed}");

$request->DoResponse(200, '');