Commit graph

173 commits

Author SHA1 Message Date
Lukas Reschke
3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Joas Schilling
984933e586
Only use readable chars in Share Tokens
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-18 15:44:34 +02:00
Joas Schilling
90fa27694a
Use PNG version of the icons for shipped activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-20 13:48:51 +02:00
Morris Jobke
ca3c69c8ae Merge pull request #5298 from nextcloud/bugfix/4885/calendar_shares_url_special_char_issue
urldecode group principals in Cal- and CardDAV backend
2017-06-14 23:10:40 -05:00
Morris Jobke
ac565cecad Merge pull request #5300 from nextcloud/bugfix/noid/fix_proppatch_requests_to_groupshares
allow users to send PropPatch request when calendar is group-shared with them
2017-06-14 23:00:39 -05:00
Georg Ehrke
35781ae45c
urldecode group principals in Cal- and CardDAV backend
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-12 21:01:30 +02:00
Georg Ehrke
0f1d47cdf3
allow users to send PropPatch request when calendar is group-shared with them
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 09:21:56 +02:00
Georg Ehrke
9563c25c69
allow PropPatch requests to contact_birthdays
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 08:00:52 +02:00
Georg Ehrke
4b5379309e
fix replacing of 4MB Unicode Chars in cal props table
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-05-21 13:26:46 +02:00
Georg Ehrke
255442f281
fix PROPPATCH requests to read-only shared calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-05-08 12:09:15 +02:00
Georg Ehrke
0f8a9514de
rename calendarobjects_properties -> calendarobjects_props
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-28 20:21:46 +02:00
Georg Ehrke
8d00458b56
unit test custom calendar search
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-28 20:21:36 +02:00
Georg Ehrke
c76633bb8a
require at least one param or prop filter element
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 18:20:32 +02:00
Georg Ehrke
ac3cc5211b
updateProperties: catch exception when reading calendar data
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 16:42:41 +02:00
Georg Ehrke
dd424fcb7b
unit test CalDAV Search Plugin
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 16:39:17 +02:00
Georg Ehrke
40eec1e63c
add repairstep with backgroundjob to index calendar data
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 11:55:31 +02:00
Georg Ehrke
e760cda96f
remove unused CalendarSearchValidator
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-24 22:38:21 +02:00
Georg Ehrke
57b543a918
add Nextcloud Search extension to CalDAV
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-24 22:38:20 +02:00
Joas Schilling
3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports
Remove unused use statements
2017-04-24 11:47:37 +02:00
Georg Ehrke
c89e057d27
add owner-displayname property to calendars and addressbooks
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-23 11:26:49 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Joas Schilling
088f4422f9
Fix remaining "PHP Inspection" warnings
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Joas Schilling
62ef59616d
Add public access modifier to all methods
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Joas Schilling
c2d1e6e7ff
Restrict share handling to the owner only
Otherwise group members can remove the share for the complete group,
remove edit permissions and even single user shares for other users.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Georg Ehrke
c99bdc9eb4
don't remove owner property for public calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-09 21:20:59 +02:00
Lukas Reschke
63288ebc50
Don't list on public calendar endpoints
There is no need to allow listing here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-05 22:43:05 +02:00
Morris Jobke
51bcb0bbe1 Merge pull request #3620 from nextcloud/feature/1463/editable_color_name_for_shared_calendars
allow sharees to edit certain calendar properties for themselves
2017-04-03 13:12:56 -05:00
Joas Schilling
43143e170e
Make sure transparency is an integer when saving a calendar
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-30 17:58:33 +02:00
Georg Ehrke
b887adf386
allow sharees to edit certain calendar properties for themselves
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-03-27 17:21:57 +02:00
Georg Ehrke
896dd76ab5
fix bug with shared_by for own calendars if shared
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-03-25 23:07:09 +01:00
Joas Schilling
2eb27c636d
Make sure shares use read-write when available
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-02 12:28:57 +01:00
Joas Schilling
6dbdca0721
Don't waste energy unless necessary
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-02 12:28:56 +01:00
Georg Ehrke
97d3020027
fix shared-as-busy events for owner
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-01-26 12:06:07 +01:00
Joas Schilling
a70a081fff
Make sure the used event type and the setting/filter are the same
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-10 12:28:55 +01:00
Thomas Müller
d5d726fc24
Fix generation of birthday, deathdate and anniversary in case where no year is set - which is allowed as per https://tools.ietf.org/html/rfc6350#section-6.2.5 (#26756)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-01-05 09:00:33 +01:00
Roeland Jago Douma
db3c918adb
Fix legacy caldav endpoints
* CaldavBackend is now endpoint aware (use old style principals on old
endpoint and new onces on new).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-01-02 15:02:18 +01:00
Lukas Reschke
3c34b8577c
Add test execution against legacy DAV backend
Since the tests to quite hugely rely on sync tokens being present I also included those in the legacy backend.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-01-02 15:02:18 +01:00
Joas Schilling
89ba394c89
Fix the Todos filter
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-12 15:26:28 +01:00
Joas Schilling
474720ff1c
Overwrite the schedule target calendar with the personal one and create it if missing
Otherwise this leads to problems like events being added to the birthday calendar,
if that one is the first calendar which was created for the user. See:
https://github.com/nextcloud/server/pull/2274

Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-09 09:34:25 +01:00
Joas Schilling
b2f46bfa04
Adjust all implementations in the server repo
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-01 11:35:23 +01:00
Joas Schilling
b4d76b16b4
Add tests for the base provider
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-30 12:04:19 +01:00
Joas Schilling
ad10c5c4b4
Deduplicate the provider code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-30 11:39:38 +01:00
Joas Schilling
4c0263b78a
Move event and todo parsing to new API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-29 16:27:12 +01:00
Joas Schilling
8d87e39146
Deduplicate icon assignment
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-29 16:08:58 +01:00
Joas Schilling
ddc82b4ca2
Move calendar activity parsing to new API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-29 15:47:43 +01:00
Joas Schilling
a16fd3991a
Move CalDAV activity settings to new API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-29 15:06:54 +01:00
Joas Schilling
253a75e5ae
Move CalDAV activity filters to new API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-29 15:04:08 +01:00
Lukas Reschke
d0c3c5cee3 Merge pull request #2225 from nextcloud/fix_caldav_proppatch_requests
fix PropPatch requests on calendars
2016-11-21 22:54:17 +01:00
Georg Ehrke
3a8c4230be
fix PropPatch requests on calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2016-11-21 22:10:51 +01:00
Georg Ehrke
44f55fe415
BirthdayCalendar: fix issue with birthyear to high when birthday on Dec 31st
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2016-11-17 15:28:15 +01:00
Joas Schilling
6047493b6d
Fix integration tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:46 +01:00
Roeland Jago Douma
1e6175dfcb
Fix CalendarTest
* Made sure delete from self works again (and is tested)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-04 15:40:59 +01:00
Roeland Jago Douma
c016d947e2
Fix plugin
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-04 15:10:38 +01:00
Roeland Jago Douma
6d1c0be47d
Minor fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-04 15:10:15 +01:00
Thomas Müller
c778b1bade
Update sabre dav to 3.2 (#26115)
* Update sabre/dav to 3.2.0

* Adjust code to work with sabre/dav 3.2.0 and it's dependencies

* Adding own CalDAV plugin to fix calendar home property

* Test if there is a user logged in when listing files home

* Update sabre version used by integration tests

* Disable unauthenticated DAV access

This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.

=====

* Fixed so cherry-pick was succesfull

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-04 13:35:10 +01:00
Joas Schilling
52dd27892b
Use the event dispatcher
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:59 +01:00
Joas Schilling
d3e8463de2
Use a different type for events and todos
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:59 +01:00
Joas Schilling
43b46bcc6a
Activities for events and todos
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:58 +01:00
Joas Schilling
07f6747305
Move the methods into a new class
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:58 +01:00
Joas Schilling
776622f3de
Add activities for shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:58 +01:00
Joas Schilling
35ce4c772c
Fix unshare actions for author != owner
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:58 +01:00
Joas Schilling
9a7c522cc6
Add activity for unshare from group
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:58 +01:00
Joas Schilling
83d51afab1
Unshare user activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:57 +01:00
Joas Schilling
90578327d5
Start working on calendar activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-03 12:07:57 +01:00
Thomas Müller
5cd90d4116
[9.2] Sync deathdate and anniversary to birthday calendar (#25655)
* Sync deathdate and anniversary to birthday calendar (which should be renamed maybe)

* Sync deathdate and anniversary to birthday calendar (which should be renamed maybe)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-14 10:12:43 +02:00
Joas Schilling
a4f82f13f3
Translate the personal calendar
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-06 14:19:58 +02:00
Morris Jobke
ef0760f84f Merge pull request #1545 from nextcloud/delete-calendars-with-their-users
Delete calendars with their users
2016-09-28 21:42:55 +02:00
Thomas Citharel
6c8bcb38f1
Rename deleteAllSharesForUser() to deleteAllSharesByUser()
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2016-09-28 15:32:03 +02:00
Lukas Reschke
06e969cb74 Merge pull request #1197 from nextcloud/oc-public-sharing
CalDAV calendar public sharing
2016-09-27 18:51:40 +02:00
Thomas Citharel
da1543eef7
fix deletion of calendars
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-27 18:33:56 +02:00
Thomas Citharel
5215833fe4
delete shares to an user
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-27 18:30:19 +02:00
Lukas Reschke
4f4286932f Merge pull request #1457 from nextcloud/upstream-fix-birthday-calendar-component
[Upstream] fix birthday calendar component
2016-09-26 13:21:08 +02:00
Thomas Citharel
dcc23114e9
fix annotations & copyright headers 2016-09-26 11:55:43 +02:00
Thomas Citharel
17d5dfdeb1
add in same request 2016-09-26 11:55:43 +02:00
Thomas Citharel
8360222554
fix public calendars 2016-09-26 11:55:42 +02:00
Thomas Müller
d884370844
Use true random string as uri for public calendars - as a result we can no longer return the pre-publish-url 2016-09-26 11:55:42 +02:00
Lukas Reschke
4659e3ab59
Add new constructor args 2016-09-26 11:55:42 +02:00
Thomas Citharel
3e9a346223
add calendarserver-sharing to the list of advertised features 2016-09-26 11:55:41 +02:00
Thomas Citharel
ad0eeaaf1c
use AllowedSharingModes for can-be-published & can-be-shared 2016-09-26 11:55:41 +02:00
Thomas Citharel
6378dbca7e
fix can-be-published 2016-09-26 11:55:41 +02:00
Thomas Citharel
f16ea48e96
add can-be-published property 2016-09-26 11:55:40 +02:00
Thomas Citharel
a4fe596a21
add space between calendarname and owner name 2016-09-26 11:55:40 +02:00
Thomas Citharel
8433c3ca31
fix getChild() 2016-09-26 11:55:40 +02:00
Thomas Citharel
691b3ab448
Add publicuri to oc_dav_shares table and start working with it 2016-09-26 11:55:39 +02:00
Thomas Citharel
dd248caa09
fix some bracket positions 2016-09-26 11:55:39 +02:00
Thomas Citharel
1899116509
move getPublicCalendar inside the caldav backend 2016-09-26 11:55:39 +02:00
Thomas Citharel
762726d988
fix indent once and for all 2016-09-26 11:55:39 +02:00
Thomas Citharel
3921385ed3
fix things (indentation, tests, comments, backend custom implementation 2016-09-26 11:55:39 +02:00
Thomas Müller
d0ec6b9c15
Disable OPTIONS handling - done by sabre 2016-09-26 11:55:38 +02:00
Thomas Citharel
aadb56dfcc
Fix wrong way to get publish status 2016-09-26 11:55:37 +02:00
Thomas Citharel
2df69ec7f4
correct get published status and minor fixes 2016-09-26 11:55:37 +02:00
Thomas Citharel
aca305332a
Fix DB call for MySQL databases 2016-09-26 11:55:37 +02:00
Thomas Citharel
994001c480
Dirty hack to disable dav plugins on public calendar urls 2016-09-26 11:55:36 +02:00
Thomas Müller
00dc157b19
Fix requests for browser plugin as well as for the public calendar root folder 2016-09-26 11:55:36 +02:00
Thomas Müller
e7085aab38
Allow not-authenticated access to specific urls 2016-09-26 11:55:36 +02:00
Thomas Müller
90ab6e4fd9
Add new root collection public-calendars which holds all public calendars 2016-09-26 11:55:36 +02:00
Thomas Citharel
8da2100e7d
Start work on returning CalDAV published calendars 2016-09-26 11:55:35 +02:00
Thomas Citharel
bd0aae8636
No need to call database twice 2016-09-26 11:55:35 +02:00
Thomas Citharel
7e5a82b968
Use urlgenerator to generate an absolute url
And pass Config the correct way too
2016-09-26 11:55:35 +02:00
Thomas Citharel
72f35f8862
Use ressource ID instead of name 2016-09-26 11:55:35 +02:00