// Fragment of a CalDAV PUT handler. It opens inside a block that started
// before this excerpt and stops part-way through a comment.
    $request->DoResponse(200);
    return;
}

// The tag for the incoming content is the MD5 of $request->raw_post.
$etag = md5($request->raw_post);
$ic = new iCalComponent($request->raw_post);

// An If-Match value was sent but there is no resource to match it against.
if (!$dav_resource->Exists() && (isset($request->etag_if_match) && $request->etag_if_match != '')) {
    /**
     * RFC2068, 14.25:
     * If none of the entity tags match, or if "*" is given and no current
     * entity exists, the server MUST NOT perform the requested method, and
     * MUST return a 412 (Precondition Failed) response.
     */
    $request->PreconditionFailed(412, 'if-match');
}

if ($dav_resource->Exists()) {
    // NOTE(review): the tag comparisons below use loose != / ==. PHP compares
    // two numeric-looking strings as numbers, so two different tags can be
    // treated as equal and the precondition would not protect the stored
    // copy. !== / === compare them as strings. The format returned by
    // unique_tag() is not visible here - confirm.
    if (isset($request->etag_if_match) && $request->etag_if_match != '' && $request->etag_if_match != $dav_resource->unique_tag()) {
        /**
         * RFC2068, 14.25:
         * If none of the entity tags match, or if "*" is given and no current
         * entity exists, the server MUST NOT perform the requested method, and
         * MUST return a 412 (Precondition Failed) response.
         */
        // NOTE(review): the message carries the client-supplied If-Match value.
        // How PreconditionFailed() encodes it for the response body is not
        // visible here - confirm it is escaped for that format.
        $request->PreconditionFailed(412, 'if-match', sprintf('Existing resource ETag of "%s" does not match "%s"', $dav_resource->unique_tag(), $request->etag_if_match));
    } else {
        // Entered when If-None-Match equals the stored tag or is the "*" wildcard.
        if (isset($request->etag_none_match) && $request->etag_none_match != '' && ($request->etag_none_match == $dav_resource->unique_tag() || $request->etag_none_match == '*')) {
            /**
             * RFC2068, 14.26:
             * If any of the entity tags match the entity tag of the entity that
             * would have been returned in the response to a similar GET request
             * (without the If-None-Match header) on that resource, or if "*" is
             * given and any current entity exists for that resource, then the
// Fragment of a PUT handler that stores the request body in caldav_data with
// caldav_type 'VCARD'. It starts inside nested blocks opened before this
// excerpt and ends inside the INSERT statement's string literal.
        $request->PreconditionFailed(409, 'collection-must-exist', translate('The destination collection does not exist'));
    }
    // This branch (its condition is outside the excerpt) checks DAV::bind on
    // the container.
    $container->NeedPrivilege('DAV::bind');
} else {
    if ($dest->IsCollection()) {
        // An unset $c->readonly_webdav_collections is treated the same as a
        // truthy one, so the restrictive answer is the default.
        if (!isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections) {
            $request->PreconditionFailed(405, 'method-not-allowed', translate('You may not PUT to a collection URL'));
        }
        $request->DoResponse(403, translate('PUT on a collection is only allowed for text/calendar content against a calendar collection'));
    }
    // The other branch checks DAV::write-content on the destination itself.
    $dest->NeedPrivilege('DAV::write-content');
}

// NOTE(review): this rejects only when If-None-Match is set to something other
// than '*'. A request carrying the '*' wildcard against an existing
// destination is not stopped here, although refusing to overwrite an existing
// resource is what that wildcard is normally sent for. Confirm this is intended.
if (isset($request->etag_none_match) && $request->etag_none_match != '*' && $dest->Exists()) {
    $request->PreconditionFailed(412, 'if-none-match', translate('A resource already exists at the destination.'));
}

// NOTE(review): loose != on tag strings; PHP compares numeric-looking strings
// as numbers, so !== is the safer comparison. unique_tag()'s format is not
// visible here - confirm.
if (isset($request->etag_if_match) && $request->etag_if_match != $dest->unique_tag()) {
    $request->PreconditionFailed(412, 'if-match', sprintf('Existing resource ETag of "%s" does not match "%s"', $dest->unique_tag(), $request->etag_if_match));
}

$collection_id = $container->GetProperty('collection_id');
$qry = new AwlQuery();
$qry->Begin();
$etag = md5($request->raw_post);
// Every value, including the raw request body, reaches the SQL through a named
// placeholder rather than string concatenation.
$params = array(':user_no' => $dest->GetProperty('user_no'),
    ':dav_name' => $dest->bound_from(),
    ':etag' => $etag,
    ':dav_data' => $request->raw_post,
    ':session_user' => $session->user_no);
if ($dest->Exists()) {
    // The row is selected by dav_name alone; user_no is rewritten by the
    // UPDATE rather than used to select the row.
    $sql = 'UPDATE caldav_data SET caldav_data=:dav_data, dav_etag=:etag, logged_user=:session_user, modified=current_timestamp, user_no=:user_no, caldav_type=\'VCARD\' WHERE dav_name=:dav_name';
    $response_code = 200;
    $qry->QDo($sql, $params);
    $qry->QDo("SELECT dav_id FROM caldav_data WHERE dav_name = :dav_name ", array(':dav_name' => $params[':dav_name']));
} else {
    $sql = 'INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, caldav_type, logged_user, created, modified, collection_id )
// Fragment of a CalDAV GET/HEAD handler: the tail of a response that renders
// $vcal as text/calendar (HEAD gets an empty body), followed by the start of
// the access decision for a single resource. The code line is kept exactly as
// extracted; in this collapsed form the "//" comment runs to the end of the
// line, where the original presumably had a line break after "then".
//
// Access decision: $allowed starts as false and is set to true for a caller
// that holds the 'all' privilege, whose user_no equals the row's user_no or
// logged_user, or - only when $c->allow_get_email_visibility is truthy - who
// is an attendee matched by $session->email. && binds tighter than ||, so the
// configuration flag gates just that last clause.
//
// NOTE(review): the user_no comparisons use loose ==. If either side can be
// null or 0 (for example a row with no logged_user recorded), loose equality
// would treat the two as the same user; === on values of a known type avoids
// that. The types are not visible here - confirm.
$comp->ClearComponents('VALARM'); $vcal->AddComponent($comp); } else { $vcal->AddComponent($comp); } } } /** Put the timezones on there that we need */ foreach ($need_zones as $tzid => $v) { if (isset($timezones[$tzid])) { $vcal->AddComponent($timezones[$tzid]); } } $response = $vcal->Render(); header('Content-Length: ' . strlen($response)); header('Etag: ' . $dav_resource->unique_tag()); $request->DoResponse(200, $request->method == 'HEAD' ? '' : $response, 'text/calendar; charset="utf-8"'); } // Just a single event then $resource = $dav_resource->resource(); $ic = new iCalComponent($resource->caldav_data); /** Default deny... */ $allowed = false; if ($dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $resource->user_no || $session->user_no == $resource->logged_user || $c->allow_get_email_visibility && $ic->IsAttendee($session->email)) { /** * These people get to see all of the event, and they should always * get any alarms as well. */ $allowed = true; } else { if ($resource->class != 'PRIVATE') {
// Fragment of a handler that works on a source ($src) and a destination
// ($dest) resource. It starts inside a block opened before this excerpt and
// ends inside the branch taken when the destination does not exist.
    // && binds tighter than ||: the block runs when either header is present
    // and non-empty.
    if (isset($request->etag_if_match) && $request->etag_if_match != '' || isset($request->etag_none_match) && $request->etag_none_match != '') {
        /**
         * RFC2068, 14.25:
         * If none of the entity tags match, or if "*" is given and no current
         * entity exists, the server MUST NOT perform the requested method, and
         * MUST return a 412 (Precondition Failed) response.
         *
         * RFC2068, 14.26:
         * If any of the entity tags match the entity tag of the entity that
         * would have been returned in the response to a similar GET request
         * (without the If-None-Match header) on that resource, or if "*" is
         * given and any current entity exists for that resource, then the
         * server MUST NOT perform the requested method.
         */
        $error = '';
        // NOTE(review): the If-Match test below has no "!= ''" guard, unlike
        // the outer condition, so a set-but-empty If-Match together with an
        // If-None-Match value reports an If-Match mismatch. Neither branch
        // treats the "*" wildcard specially. The comparisons are loose
        // (!= / ==); PHP compares numeric-looking strings as numbers, so
        // !== / === is the safer form. Confirm against unique_tag()'s format.
        if (isset($request->etag_if_match) && $request->etag_if_match != $src->unique_tag()) {
            $error = translate('Existing resource does not match "If-Match" header - not accepted.');
        } else {
            if (isset($request->etag_none_match) && $request->etag_none_match != '' && $request->etag_none_match == $src->unique_tag()) {
                $error = translate('Existing resource matches "If-None-Match" header - not accepted.');
            }
        }
        if ($error != '') {
            $request->DoResponse(412, $error);
        }
    }
}

// NOTE(review): within this excerpt the 412 above is sent before any of the
// privilege checks below. Confirm that an earlier check outside the excerpt
// already restricts who can probe a resource's tag this way.
$src->NeedPrivilege('DAV::unbind');
$dest->NeedPrivilege('DAV::write-content');
if (!$dest->Exists()) {
    // Creating the destination additionally needs DAV::bind.
    $dest->NeedPrivilege('DAV::bind');
// Fragment of a PUT handler that stores the request body in caldav_data. It
// starts inside nested blocks opened before this excerpt and ends inside the
// INSERT branch.
        $request->DoResponse(409, translate('Destination collection does not exist'));
    }
    // This branch (its condition is outside the excerpt) checks DAV::bind on
    // the container.
    $container->NeedPrivilege('DAV::bind');
} else {
    if ($dest->IsCollection()) {
        // Both paths answer 403. Presumably DoResponse() ends the request, in
        // which case the setting only selects the message and a PUT to a
        // collection is always refused here - confirm.
        if (!isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections) {
            $request->DoResponse(403, translate('You may not PUT to a collection URL'));
        }
        $request->DoResponse(403, translate('PUT on a collection is only allowed for text/calendar content against a calendar collection'));
    }
    // The other branch checks DAV::write-content on the destination itself.
    $dest->NeedPrivilege('DAV::write-content');
}

// NOTE(review): this rejects only when If-None-Match is set to something other
// than '*'. A request carrying the '*' wildcard against an existing
// destination is not stopped here, although refusing to overwrite an existing
// resource is what that wildcard is normally sent for. Confirm this is intended.
if (isset($request->etag_none_match) && $request->etag_none_match != '*' && $dest->Exists()) {
    $request->DoResponse(412);
}

// NOTE(review): loose != on tag strings; PHP compares numeric-looking strings
// as numbers, so !== is the safer comparison. unique_tag()'s format is not
// visible here - confirm.
if (isset($request->etag_if_match) && $request->etag_if_match != $dest->unique_tag()) {
    $request->DoResponse(412);
}

$collection_id = $container->GetProperty('collection_id');
$qry = new AwlQuery();
$qry->Begin();
$etag = md5($request->raw_post);
// Every value, including the raw request body, reaches the SQL through a named
// placeholder rather than string concatenation.
$params = array(':user_no' => $dest->GetProperty('user_no'),
    ':dav_name' => $dest->bound_from(),
    ':etag' => $etag,
    ':dav_data' => $request->raw_post,
    ':session_user' => $session->user_no);
if ($dest->Exists()) {
    // The update is limited to the row matching both user_no and dav_name.
    $sql = 'UPDATE caldav_data SET caldav_data=:dav_data, dav_etag=:etag, logged_user=:session_user, modified=current_timestamp WHERE user_no=:user_no AND dav_name=:dav_name';
    $response_code = 200;
} else {
    $sql = 'INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, logged_user, created, modified, collection_id ) VALUES( :user_no, :dav_name, :etag, :dav_data, :session_user, current_timestamp, current_timestamp, :collection_id )';
    // Only the INSERT statement has a :collection_id placeholder.
    $params[':collection_id'] = $collection_id;
// Fragment of a CalDAV DELETE handler, kept exactly as extracted. In this
// collapsed form each "//" comment runs to the end of the line, where the
// original presumably had line breaks. The opening "if" sits inside a block
// started before this excerpt, and the excerpt ends inside the success branch
// of the resource delete.
//
// What the visible code does:
//  - a binding is removed from dav_binding by dav_name; any other resource in
//    this first branch goes through delete_collection() and then has its
//    'collection-<dav_name>' cache entry deleted; both answer 204 on commit.
//  - in the later else branch, an If-Match value that differs from
//    unique_tag() gets a 412. The code then takes a cache lock on
//    'collection-<parent_path>' and runs four statements keyed on :dav_id
//    (property, locks, write_sync_change, caldav_data) before committing.
//  - all SQL values are bound through named placeholders.
//
// NOTE(review): the If-Match comparison is a loose !=; PHP compares
// numeric-looking strings as numbers, so !== is the safer form. Confirm
// against unique_tag()'s format.
// NOTE(review): no If-Match check is visible in the binding/collection branch
// within this excerpt - confirm whether one happens earlier.
// NOTE(review): log_caldav_action() is called only if that function exists, so
// the delete is not recorded through it when the hook is absent. The "@" in
// front of dbg_error_log() also silences any error from the debug logging
// call, and that call writes request-supplied values (If-Match, path) into the
// log line; how they are encoded is not visible here.
// NOTE(review): the release of $myLock is not visible in this excerpt -
// confirm it is released on every exit path, including when a statement fails.
if ($dav_resource->IsBinding()) { $params = array(':dav_name' => $dav_resource->dav_name()); if ($qry->QDo("DELETE FROM dav_binding WHERE dav_name = :dav_name", $params) && $qry->Commit()) { @dbg_error_log("DELETE", "DELETE: Binding: %d, ETag: %s, Path: %s", $session->user_no, $request->etag_if_match, $request->path); $request->DoResponse(204); } } else { if (delete_collection($dav_resource->resource_id()) && $qry->Commit()) { // Uncache anything to do with the collection $cache = getCacheInstance(); $cache->delete('collection-' . $dav_resource->dav_name(), null); $request->DoResponse(204); } } } else { if (isset($request->etag_if_match) && $request->etag_if_match != $dav_resource->unique_tag()) { $request->DoResponse(412, translate("Resource has changed on server - not deleted")); } // Check to see if we need to do any scheduling transactions for this one. do_scheduling_for_delete($dav_resource); // We need to serialise access to this process just for this collection $cache = getCacheInstance(); $myLock = $cache->acquireLock('collection-' . $dav_resource->parent_path()); $collection_id = $dav_resource->GetProperty('collection_id'); $params = array(':dav_id' => $dav_resource->resource_id()); if ($qry->QDo("DELETE FROM property WHERE dav_name = (SELECT dav_name FROM caldav_data WHERE dav_id = :dav_id)", $params) && $qry->QDo("DELETE FROM locks WHERE dav_name = (SELECT dav_name FROM caldav_data WHERE dav_id = :dav_id)", $params) && $qry->QDo("SELECT write_sync_change(collection_id, 404, caldav_data.dav_name) FROM caldav_data WHERE dav_id = :dav_id", $params) && $qry->QDo("DELETE FROM caldav_data WHERE dav_id = :dav_id", $params)) { if (function_exists('log_caldav_action')) { log_caldav_action('DELETE', $dav_resource->GetProperty('uid'), $dav_resource->GetProperty('user_no'), $collection_id, $request->path); } $qry->Commit(); @dbg_error_log("DELETE", "DELETE: User: %d, ETag: %s, Path: %s", $session->user_no, $request->etag_if_match, $request->path);
// Fragment of a PUT handler that stores the request body in caldav_data. It
// starts inside nested blocks opened before this excerpt.
        $request->DoResponse(403, translate('A DAViCal principal collection may only contain collections'));
    }
    if (!$container->Exists()) {
        $request->DoResponse(409, translate('Destination collection does not exist'));
    }
    // This branch (its condition is outside the excerpt) checks DAV::bind on
    // the container.
    $container->NeedPrivilege('DAV::bind');
} else {
    if ($dest->IsCollection()) {
        // Both paths answer 403. Presumably DoResponse() ends the request, in
        // which case the setting only selects the message and a PUT to a
        // collection is always refused here - confirm.
        if (!isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections) {
            $request->DoResponse(403, translate('You may not PUT to a collection URL'));
        }
        $request->DoResponse(403, translate('PUT on a collection is only allowed for text/calendar content against a calendar collection'));
    }
    // The other branch checks DAV::write-content on the destination itself.
    $dest->NeedPrivilege('DAV::write-content');
}

// The If-Match / If-None-Match handling is delegated to the request object,
// which is given whether the destination exists and its current tag.
// NOTE(review): CheckEtagMatch() is not visible here - confirm that it compares
// tags as strings and refuses the "*" wildcard of If-None-Match when the
// destination exists.
$request->CheckEtagMatch($dest->Exists(), $dest->unique_tag());

$collection_id = $container->GetProperty('collection_id');
$qry = new AwlQuery();
$qry->Begin();
$etag = md5($request->raw_post);
// Every value, including the raw request body, reaches the SQL through a named
// placeholder rather than string concatenation.
$params = array(':user_no' => $dest->GetProperty('user_no'),
    ':dav_name' => $dest->bound_from(),
    ':etag' => $etag,
    ':dav_data' => $request->raw_post,
    ':session_user' => $session->user_no);
if ($dest->Exists()) {
    // The update is limited to the row matching both user_no and dav_name.
    $sql = 'UPDATE caldav_data SET caldav_data=:dav_data, dav_etag=:etag, logged_user=:session_user, modified=current_timestamp WHERE user_no=:user_no AND dav_name=:dav_name';
    $response_code = 200;
} else {
    $sql = 'INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, logged_user, created, modified, collection_id ) VALUES( :user_no, :dav_name, :etag, :dav_data, :session_user, current_timestamp, current_timestamp, :collection_id )';
    // Only the INSERT statement has a :collection_id placeholder.
    $params[':collection_id'] = $collection_id;
    $response_code = 201;
}
// Fragment of a CalDAV PUT handler, kept exactly as extracted. In this
// collapsed form the "// Method not allowed" comment runs to the end of the
// line, where the original presumably had a line break. The opening "if ($fh)"
// sits inside a block started before this excerpt.
//
// What the visible code does:
//  - writes the raw request body to the handle $fh when it is open.
//  - for a collection target: answers 405 for a principal, for a binding, and
//    when $c->readonly_webdav_collections is unset or true (so the restrictive
//    answer is the default). Otherwise it imports the body into the collection,
//    appending when the 'mode' query parameter is 'append'.
//  - for a single resource: computes the MD5 of the body as the tag, lets
//    CheckEtagMatch() evaluate the preconditions, calls write_resource() with
//    'UPDATE' or 'INSERT', then sends the ETag header and a 204 or 201.
//
// NOTE(review): $fh is opened outside this excerpt. The file receives the
// complete request body, so confirm that this dump is debug-only and that the
// file's location and permissions are restricted.
// NOTE(review): the 'mode' check uses loose ==; === 'append' states the intent
// exactly.
// NOTE(review): isset($etag) is always true at that point because $etag is
// assigned a few statements earlier, so the ETag header is always sent.
// NOTE(review): the final status is chosen by calling Exists() after
// write_resource(). Whether that reflects the state before or after the write
// is not visible here - confirm a newly created resource still yields 201.
if ($fh) { fwrite($fh, $request->raw_post); fclose($fh); } } controlRequestContainer($dav_resource->GetProperty('username'), $dav_resource->GetProperty('user_no'), $dav_resource->bound_from(), true); $lock_opener = $request->FailIfLocked(); if ($dav_resource->IsCollection()) { if ($dav_resource->IsPrincipal() || $dav_resource->IsBinding() || !isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections == true) { $request->DoResponse(405); // Method not allowed return; } $appending = isset($_GET['mode']) && $_GET['mode'] == 'append'; /** * CalDAV does not define the result of a PUT on a collection. We treat that * as an import. The code is in caldav-PUT-functions.php */ import_collection($request->raw_post, $request->user_no, $request->path, true, $appending); $request->DoResponse(200); return; } $etag = md5($request->raw_post); $request->CheckEtagMatch($dav_resource->Exists(), $dav_resource->unique_tag()); $put_action_type = $dav_resource->Exists() ? 'UPDATE' : 'INSERT'; $collection = $dav_resource->GetParentContainer(); write_resource($dav_resource, $request->raw_post, $collection, $session->user_no, $etag, $put_action_type, true, true); if (isset($etag)) { header(sprintf('ETag: "%s"', $etag)); } $request->DoResponse($dav_resource->Exists() ? 204 : 201);