extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-05 17:42:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix storing and retrieval of urls containing % or %25

Browse Source 
- PUT with url containing an encoded % (%25) was stored as is, due to minimal encoding in HTTP_WebDAV_Server class, now this is changed back to store just %
- PROPFIND/REPORT was urldecoding the caldav_name/path, so % as well as %25 were reported as %25
- multiget REPORT was not finding a caldav_name containing %25 reported in PROPFIND as %2525
--> all above is working now and caldav_name with %25 or %2525 can not read via multiget
This commit is contained in:
Ralf Becker 2018-10-09 18:03:17 +02:00
parent c3c887da98
commit d8e6c3b919
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
api/src/CalDAV.php
View File

@ -2009,7 +2009,12 @@ class CalDAV extends HTTP_WebDAV_Server
$user = $GLOBALS['egw_info']['user']['account_id'];
}
$id = array_pop($parts);
// Api\WebDAV\Server encodes %, # and ? again, which leads to storing eg. '%' as '%25'
$id = strtr(array_pop($parts), array(
'%25' => '%',
'%23' => '#',
'%3F' => '?',
));
$ok = ($id || isset($_GET['add-member']) && $_SERVER['REQUEST_METHOD'] == 'POST') &&
($user || $user === 0) && in_array($app,array('addressbook','calendar','infolog','principals'));

9
api/src/CalDAV/Handler.php
View File

@ -274,9 +274,9 @@ abstract class Handler
* - etag handling for precondition failed and not modified
*
* @param string $method GET, PUT, DELETE
* @param array &$options
* @param int|string &$id on return self::$path_extension got removed
* @param boolean &$return_no_access=false if set to true on call, instead of '403 Forbidden' the entry is returned and $return_no_access===false
* @param array& $options
* @param int|string& $id on return self::$path_extension got removed
* @param boolean& $return_no_access =false if set to true on call, instead of '403 Forbidden' the entry is returned and $return_no_access===false
* @param boolean $ignore_if_match =false if true, ignore If-Match precondition
* @return array|string entry on success, string with http-error-code on failure, null for PUT on an unknown id
*/
@ -657,8 +657,7 @@ abstract class Handler
$type = $this->accounts->get_type($entry['owner']) == 'u' ? 'users' : 'groups';
$props['owner'] = Api\CalDAV::mkprop('href', $this->base_uri.'/principals/'.$type.'/'.$account_lid.'/');
}
// we urldecode here, as Api\CalDAV uses a minimal (#?%) urlencoding for incomming pathes and urlencodes pathes in propfind
return $this->caldav->add_resource($path.urldecode($this->get_path($entry)), $props, $privileges);
return $this->caldav->add_resource($path.$this->get_path($entry), $props, $privileges);
}
/**