mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-13 09:28:31 +01:00
enforce a certain strength of uid, as some clients set quite weak ones)
This commit is contained in:
parent
01407a4e38
commit
9f30e824b0
@ -249,7 +249,7 @@ class addressbook_groupdav extends groupdav_handler
|
||||
}
|
||||
// SOGo requires that we keep it's path, but sets a different name-part then the uid
|
||||
// we use there name-part as UID, to be able to allow it to access the contact again with that path
|
||||
elseif (strlen($id) > 10 && strpos($_SERVER['HTTP_USER_AGENT'],'Thunderbird'))
|
||||
elseif (strlen($id) > 20 && strpos($_SERVER['HTTP_USER_AGENT'],'Thunderbird'))
|
||||
{
|
||||
$contact['uid'] = basename($id,'.vcf');
|
||||
}
|
||||
@ -273,7 +273,7 @@ class addressbook_groupdav extends groupdav_handler
|
||||
if (is_null($ok))
|
||||
{
|
||||
header($h='Location: '.$this->base_uri.self::get_path($contact));
|
||||
error_log(__METHOD__."($method,,$id) header('$h'): 201 Created");
|
||||
if ($this->debug) error_log(__METHOD__."($method,,$id) header('$h'): 201 Created");
|
||||
return '201 Created';
|
||||
}
|
||||
return true;
|
||||
@ -307,7 +307,7 @@ class addressbook_groupdav extends groupdav_handler
|
||||
{
|
||||
return $contact;
|
||||
}
|
||||
if ($this->bo->delete($contact['id'],self::etag2value($this->http_if_match)) === 0)
|
||||
if (($Ok = $this->bo->delete($contact['id'],self::etag2value($this->http_if_match))) === 0)
|
||||
{
|
||||
return '412 Precondition Failed';
|
||||
}
|
||||
|
@ -632,7 +632,8 @@ class addressbook_sql extends so_sql
|
||||
$this->data['etag'] = 0;
|
||||
}
|
||||
}
|
||||
if (!$err && !$this->data['uid'])
|
||||
// enforce a minium uid strength
|
||||
if (!$err && (strlen($this->data['uid']) < 20 || is_numeric($this->data['uid'])))
|
||||
{
|
||||
parent::update(array('uid' => common::generate_uid('addressbook',$this->data['id'])));
|
||||
$this->data['etag']++;
|
||||
|
@ -514,8 +514,9 @@ ORDER BY cal_user_type, cal_usre_id
|
||||
{
|
||||
return false;
|
||||
}
|
||||
// new event (without uid) or new created referencing event => create new uid
|
||||
if (!$event['cal_uid'] || $event['cal_reference'] && strpos($event['cal_uid'],'cal-'.$event['calreference'].'-') !== false)
|
||||
// new event (without uid), not strong enough uid or new created referencing event => create new uid
|
||||
if (strlen($event['cal_uid']) < 20 || is_nummeric($event['cal_uid']) ||
|
||||
$event['cal_reference'] && strpos($event['cal_uid'],'cal-'.$event['calreference'].'-') !== false)
|
||||
{
|
||||
$event['cal_uid'] = $GLOBALS['egw']->common->generate_uid('calendar',$cal_id);
|
||||
$this->db->update($this->cal_table,array('cal_uid' => $event['cal_uid']),array('cal_id' => $cal_id),__LINE__,__FILE__,'calendar');
|
||||
|
@ -42,6 +42,7 @@ class groupdav extends HTTP_WebDAV_Server
|
||||
const REALM = 'eGroupWare CalDAV/CardDAV/GroupDAV server';
|
||||
|
||||
var $dav_powered_by = self::REALM;
|
||||
var $http_auth_realm = self::REALM;
|
||||
|
||||
var $root = array(
|
||||
'calendar' => array(self::GROUPDAV => 'vevent-collection', self::CALDAV => 'calendar'),
|
||||
|
@ -203,7 +203,7 @@ abstract class groupdav_handler
|
||||
return '403 Forbidden'; // no app rights
|
||||
}
|
||||
$extra_acl = $this->method2acl[$method];
|
||||
if (!($entry = $this->read($id)) && ($method != 'PUT' || $event === false) ||
|
||||
if (!($entry = $this->read($id)) && ($method != 'PUT' || $entry === false) ||
|
||||
($extra_acl != EGW_ACL_READ && $this->check_access($extra_acl,$entry) === false))
|
||||
{
|
||||
if ($return_no_access && !is_null($entry))
|
||||
|
Loading…
Reference in New Issue
Block a user