mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-27 16:29:52 +01:00
enforce a certain strength of uid, as some clients set quite weak ones)
This commit is contained in:
parent
01407a4e38
commit
9f30e824b0
@ -249,7 +249,7 @@ class addressbook_groupdav extends groupdav_handler
|
|||||||
}
|
}
|
||||||
// SOGo requires that we keep it's path, but sets a different name-part then the uid
|
// SOGo requires that we keep it's path, but sets a different name-part then the uid
|
||||||
// we use there name-part as UID, to be able to allow it to access the contact again with that path
|
// we use there name-part as UID, to be able to allow it to access the contact again with that path
|
||||||
elseif (strlen($id) > 10 && strpos($_SERVER['HTTP_USER_AGENT'],'Thunderbird'))
|
elseif (strlen($id) > 20 && strpos($_SERVER['HTTP_USER_AGENT'],'Thunderbird'))
|
||||||
{
|
{
|
||||||
$contact['uid'] = basename($id,'.vcf');
|
$contact['uid'] = basename($id,'.vcf');
|
||||||
}
|
}
|
||||||
@ -273,7 +273,7 @@ class addressbook_groupdav extends groupdav_handler
|
|||||||
if (is_null($ok))
|
if (is_null($ok))
|
||||||
{
|
{
|
||||||
header($h='Location: '.$this->base_uri.self::get_path($contact));
|
header($h='Location: '.$this->base_uri.self::get_path($contact));
|
||||||
error_log(__METHOD__."($method,,$id) header('$h'): 201 Created");
|
if ($this->debug) error_log(__METHOD__."($method,,$id) header('$h'): 201 Created");
|
||||||
return '201 Created';
|
return '201 Created';
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
@ -307,7 +307,7 @@ class addressbook_groupdav extends groupdav_handler
|
|||||||
{
|
{
|
||||||
return $contact;
|
return $contact;
|
||||||
}
|
}
|
||||||
if ($this->bo->delete($contact['id'],self::etag2value($this->http_if_match)) === 0)
|
if (($Ok = $this->bo->delete($contact['id'],self::etag2value($this->http_if_match))) === 0)
|
||||||
{
|
{
|
||||||
return '412 Precondition Failed';
|
return '412 Precondition Failed';
|
||||||
}
|
}
|
||||||
|
@ -632,7 +632,8 @@ class addressbook_sql extends so_sql
|
|||||||
$this->data['etag'] = 0;
|
$this->data['etag'] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!$err && !$this->data['uid'])
|
// enforce a minium uid strength
|
||||||
|
if (!$err && (strlen($this->data['uid']) < 20 || is_numeric($this->data['uid'])))
|
||||||
{
|
{
|
||||||
parent::update(array('uid' => common::generate_uid('addressbook',$this->data['id'])));
|
parent::update(array('uid' => common::generate_uid('addressbook',$this->data['id'])));
|
||||||
$this->data['etag']++;
|
$this->data['etag']++;
|
||||||
|
@ -514,8 +514,9 @@ ORDER BY cal_user_type, cal_usre_id
|
|||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// new event (without uid) or new created referencing event => create new uid
|
// new event (without uid), not strong enough uid or new created referencing event => create new uid
|
||||||
if (!$event['cal_uid'] || $event['cal_reference'] && strpos($event['cal_uid'],'cal-'.$event['calreference'].'-') !== false)
|
if (strlen($event['cal_uid']) < 20 || is_nummeric($event['cal_uid']) ||
|
||||||
|
$event['cal_reference'] && strpos($event['cal_uid'],'cal-'.$event['calreference'].'-') !== false)
|
||||||
{
|
{
|
||||||
$event['cal_uid'] = $GLOBALS['egw']->common->generate_uid('calendar',$cal_id);
|
$event['cal_uid'] = $GLOBALS['egw']->common->generate_uid('calendar',$cal_id);
|
||||||
$this->db->update($this->cal_table,array('cal_uid' => $event['cal_uid']),array('cal_id' => $cal_id),__LINE__,__FILE__,'calendar');
|
$this->db->update($this->cal_table,array('cal_uid' => $event['cal_uid']),array('cal_id' => $cal_id),__LINE__,__FILE__,'calendar');
|
||||||
|
@ -42,6 +42,7 @@ class groupdav extends HTTP_WebDAV_Server
|
|||||||
const REALM = 'eGroupWare CalDAV/CardDAV/GroupDAV server';
|
const REALM = 'eGroupWare CalDAV/CardDAV/GroupDAV server';
|
||||||
|
|
||||||
var $dav_powered_by = self::REALM;
|
var $dav_powered_by = self::REALM;
|
||||||
|
var $http_auth_realm = self::REALM;
|
||||||
|
|
||||||
var $root = array(
|
var $root = array(
|
||||||
'calendar' => array(self::GROUPDAV => 'vevent-collection', self::CALDAV => 'calendar'),
|
'calendar' => array(self::GROUPDAV => 'vevent-collection', self::CALDAV => 'calendar'),
|
||||||
|
@ -203,7 +203,7 @@ abstract class groupdav_handler
|
|||||||
return '403 Forbidden'; // no app rights
|
return '403 Forbidden'; // no app rights
|
||||||
}
|
}
|
||||||
$extra_acl = $this->method2acl[$method];
|
$extra_acl = $this->method2acl[$method];
|
||||||
if (!($entry = $this->read($id)) && ($method != 'PUT' || $event === false) ||
|
if (!($entry = $this->read($id)) && ($method != 'PUT' || $entry === false) ||
|
||||||
($extra_acl != EGW_ACL_READ && $this->check_access($extra_acl,$entry) === false))
|
($extra_acl != EGW_ACL_READ && $this->check_access($extra_acl,$entry) === false))
|
||||||
{
|
{
|
||||||
if ($return_no_access && !is_null($entry))
|
if ($return_no_access && !is_null($entry))
|
||||||
|
Loading…
Reference in New Issue
Block a user