17require_once(
"AwlCache.php");
18require_once(
"XMLDocument.php");
19require_once(
"DAVPrincipal.php");
20require_once(
"DAVTicket.php");
22define(
'DEPTH_INFINITY', 9999);
120 public $content_type;
126 public $principal_id;
128 public $_is_collection;
129 public $_is_principal;
130 public $_is_proxy_request;
131 public $_locks_found;
133 public $etag_if_match;
134 public $etag_none_match;
144 global $session, $c, $debugging;
146 $this->options = $options;
147 if ( !isset($this->options[
'allow_by_email']) ) $this->options[
'allow_by_email'] =
false;
149 if ( isset($_SERVER[
'HTTP_PREFER']) ) {
150 $this->prefer = explode(
',', $_SERVER[
'HTTP_PREFER']);
152 else if ( isset($_SERVER[
'HTTP_BRIEF']) && (strtoupper($_SERVER[
'HTTP_BRIEF']) ==
'T') ) {
153 $this->prefer = array(
'return=minimal');
156 $this->prefer = array();
171 if ( isset($_SERVER[
'PATH_INFO']) ) {
172 $this->path = $_SERVER[
'PATH_INFO'];
176 if ( isset($_SERVER[
'REQUEST_URI']) ) {
177 if ( preg_match(
'{^(.*?\.php)([^?]*)}', $_SERVER[
'REQUEST_URI'], $matches ) ) {
178 $this->path = $matches[2];
179 if ( substr($this->path,0,1) !=
'/' )
180 $this->path =
'/'.$this->path;
183 else if ( isset($_SERVER[
'REQUEST_URI']) && isset($_SERVER[
'SCRIPT_NAME'] ) ) {
184 if ( preg_match(
'{^(.*?\.php)([^?]*)}', $_SERVER[
'SCRIPT_NAME'] ) ) {
185 $this->path = $_SERVER[
'REQUEST_URI'];
188 else if ( $_SERVER[
'REQUEST_URI'] !=
'/' ) {
189 dbg_error_log(
'LOG',
'Server is not supplying PATH_INFO and REQUEST_URI does not include a PHP program. Wildly guessing "/"!!!');
193 $this->path = rawurldecode($this->path);
196 if ( preg_match(
'#^(/[^/]+/[^/]+).ics$#', $this->path, $matches ) ) {
197 $this->path = $matches[1].
'/';
200 if ( isset($c->replace_path) && isset($c->replace_path[
'from']) && isset($c->replace_path[
'to']) ) {
201 $this->path = preg_replace($c->replace_path[
'from'], $c->replace_path[
'to'], $this->path);
205 $bad_chars_regex =
'/[\\^\\[\\(\\\\]/';
206 if ( preg_match( $bad_chars_regex, $this->path ) ) {
207 $this->
DoResponse( 400, translate(
"The calendar path contains illegal characters.") );
209 if ( strstr($this->path,
'//') ) $this->path = preg_replace(
'#//+#',
'/', $this->path);
211 if ( !isset($c->raw_post) ) $c->raw_post = file_get_contents(
'php://input');
212 if ( isset($_SERVER[
'HTTP_CONTENT_ENCODING']) ) {
213 $encoding = $_SERVER[
'HTTP_CONTENT_ENCODING'];
214 @dbg_error_log(
'caldav',
'Content-Encoding: %s', $encoding );
215 $encoding = preg_replace(
'{[^a-z0-9-]}i',
'',$encoding);
216 if ( ! ini_get(
'open_basedir') && (isset($c->dbg[
'ALL']) || isset($c->dbg[
'caldav'])) ) {
217 $fh = fopen(
'/var/log/davical/encoded_data.debug'.$encoding,
'w');
219 fwrite($fh,$c->raw_post);
223 switch( $encoding ) {
225 $this->raw_post = @gzdecode($c->raw_post);
228 $this->raw_post = @gzinflate($c->raw_post);
231 $this->raw_post = @gzuncompress($c->raw_post);
235 if ( empty($this->raw_post) && !empty($c->raw_post) ) {
236 $this->
PreconditionFailed(415,
'content-encoding', sprintf(
'Unable to decode "%s" content encoding.', $_SERVER[
'HTTP_CONTENT_ENCODING']));
241 $this->raw_post = $c->raw_post;
244 if ( isset($debugging) && isset($_GET[
'method']) ) {
245 $_SERVER[
'REQUEST_METHOD'] = $_GET[
'method'];
247 else if ( $_SERVER[
'REQUEST_METHOD'] ==
'POST' && isset($_SERVER[
'HTTP_X_HTTP_METHOD_OVERRIDE']) ){
248 $_SERVER[
'REQUEST_METHOD'] = $_SERVER[
'HTTP_X_HTTP_METHOD_OVERRIDE'];
250 $this->method = $_SERVER[
'REQUEST_METHOD'];
251 if (isset($_SERVER[
'CONTENT_TYPE'])) {
252 $this->content_type = $_SERVER[
'CONTENT_TYPE'];
253 if ( preg_match(
'{^(\S+/\S+?)\s*(;.*)?$}', $this->content_type, $matches ) ) {
254 $this->content_type = $matches[1];
257 $this->content_type =
null;
259 if ( strlen($c->raw_post) > 0 ) {
260 if ( $this->method ==
'PROPFIND' || $this->method ==
'REPORT' || $this->method ==
'PROPPATCH' || $this->method ==
'BIND' || $this->method ==
'MKTICKET' || $this->method ==
'ACL' ) {
261 if ( !preg_match(
'{^(text|application)/xml$}', $this->content_type ) ) {
262 @dbg_error_log(
"LOG request",
'Request is "%s" but client set content-type to "%s". Assuming they meant XML!',
263 $this->method, $this->content_type );
264 $this->content_type =
'text/xml';
267 else if ( $this->method ==
'PUT' || $this->method ==
'POST' ) {
272 $this->content_type =
'text/plain';
274 $this->user_agent = ((isset($_SERVER[
'HTTP_USER_AGENT']) ? $_SERVER[
'HTTP_USER_AGENT'] :
"Probably Mulberry"));
279 if ( isset($_SERVER[
'HTTP_DEPTH']) ) {
280 $this->depth = $_SERVER[
'HTTP_DEPTH'];
288 switch( $this->method ) {
293 $this->depth =
'infinity';
305 if ( !is_int($this->depth) &&
"infinity" ==
$this->depth ) $this->depth = DEPTH_INFINITY;
306 $this->depth = intval($this->depth);
311 if ( isset($_SERVER[
'HTTP_DESTINATION']) ) {
312 $this->destination = $_SERVER[
'HTTP_DESTINATION'];
313 if ( preg_match(
'{^(https?)://([a-z.-]+)(:[0-9]+)?(/.*)$}', $this->destination, $matches ) ) {
314 $this->destination = $matches[4];
317 $this->overwrite = ( isset($_SERVER[
'HTTP_OVERWRITE']) && ($_SERVER[
'HTTP_OVERWRITE'] ==
'F') ?
false :
true );
322 if ( isset($_SERVER[
'HTTP_IF']) ) $this->if_clause = $_SERVER[
'HTTP_IF'];
323 if ( isset($_SERVER[
'HTTP_LOCK_TOKEN']) && preg_match(
'#[<]opaquelocktoken:(.*)[>]#', $_SERVER[
'HTTP_LOCK_TOKEN'], $matches ) ) {
324 $this->lock_token = $matches[1];
330 if ( isset($_GET[
'ticket']) ) {
331 $this->ticket =
new DAVTicket($_GET[
'ticket']);
333 else if ( isset($_SERVER[
'HTTP_TICKET']) ) {
334 $this->ticket =
new DAVTicket($_SERVER[
'HTTP_TICKET']);
340 if ( isset($_SERVER[
'HTTP_TIMEOUT']) ) {
341 $timeouts = explode(
',', $_SERVER[
'HTTP_TIMEOUT'] );
342 foreach( $timeouts AS $k => $v ) {
343 if ( strtolower($v) ==
'infinite' ) {
344 $this->timeout = (isset($c->maximum_lock_timeout) ? $c->maximum_lock_timeout : 86400 * 100);
347 elseif ( strtolower(substr($v,0,7)) ==
'second-' ) {
348 $this->timeout = min( intval(substr($v,7)), (isset($c->maximum_lock_timeout) ? $c->maximum_lock_timeout : 86400 * 100) );
352 if ( ! isset($this->timeout) || $this->timeout == 0 ) $this->timeout = (isset($c->default_lock_timeout) ? $c->default_lock_timeout : 900);
355 $this->principal =
new Principal(
'path',$this->path);
368 $sql =
"SELECT * FROM collection WHERE dav_name = :exact_name";
369 $params = array(
':exact_name' => $this->path );
370 if ( !preg_match(
'#/$#', $this->path ) ) {
371 $sql .=
" OR dav_name = :truncated_name OR dav_name = :trailing_slash_name";
372 $params[
':truncated_name'] = preg_replace(
'#[^/]*$#',
'', $this->path);
373 $params[
':trailing_slash_name'] = $this->path.
"/";
375 $sql .=
" ORDER BY LENGTH(dav_name) DESC LIMIT 1";
376 $qry =
new AwlQuery( $sql, $params );
377 if ( $qry->Exec(
'caldav',__LINE__,__FILE__) && $qry->rows() == 1 && ($row = $qry->Fetch()) ) {
378 if ( $row->dav_name == $this->path.
"/" ) {
379 $this->path = $row->dav_name;
380 dbg_error_log(
"caldav",
"Path is actually a collection - sending Content-Location header." );
381 header(
"Content-Location: ".ConstructURL($this->path) );
384 $this->collection_id = $row->collection_id;
385 $this->collection_path = $row->dav_name;
386 $this->collection_type = ($row->is_calendar ==
't' ?
'calendar' :
'collection');
387 $this->collection = $row;
388 if ( preg_match(
'#^((/[^/]+/)\.(in|out)/)[^/]*$#', $this->path, $matches ) ) {
389 $this->collection_type =
'schedule-'. $matches[3].
'box';
393 else if ( preg_match(
'{^( ( / ([^/]+) / ) \.(in|out)/ ) [^/]*$}x', $this->path, $matches ) ) {
395 $params = array(
':username' => $matches[3],
':parent_container' => $matches[2],
':dav_name' => $matches[1] );
396 $params[
':boxname'] = ($matches[4] ==
'in' ?
' Inbox' :
' Outbox');
397 $this->collection_type =
'schedule-'. $matches[4].
'box';
398 $params[
':resourcetypes'] = sprintf(
'<DAV::collection/><urn:ietf:params:xml:ns:caldav:%s/>', $this->collection_type );
400INSERT INTO collection ( user_no, parent_container,
dav_name, dav_displayname, is_calendar, created, modified, dav_etag, resourcetypes )
401 VALUES( (SELECT user_no FROM usr WHERE username = text(:username)),
403 (SELECT fullname FROM usr WHERE username = text(:username)) || :boxname,
404 FALSE, current_timestamp, current_timestamp,
'1', :resourcetypes )
407 $qry =
new AwlQuery( $sql, $params );
408 $qry->Exec(
'caldav',__LINE__,__FILE__);
409 dbg_error_log(
'caldav',
'Created new collection as "%s".', trim($params[
':boxname']) );
412 $cache = getCacheInstance();
413 $cache->delete(
'collection-'.$params[
':dav_name'],
null );
414 $cache->delete(
'principal-'.$params[
':parent_container'],
null );
416 $qry =
new AwlQuery(
"SELECT * FROM collection WHERE dav_name = :dav_name", array(
':dav_name' => $matches[1] ) );
417 if ( $qry->Exec(
'caldav',__LINE__,__FILE__) && $qry->rows() == 1 && ($row = $qry->Fetch()) ) {
418 $this->collection_id = $row->collection_id;
419 $this->collection_path = $matches[1];
420 $this->collection = $row;
424 else if ( preg_match(
'#^((/[^/]+/)calendar-proxy-(read|write))/?[^/]*$#', $this->path, $matches ) ) {
425 $this->collection_type =
'proxy';
426 $this->_is_proxy_request =
true;
427 $this->proxy_type = $matches[3];
428 $this->collection_path = $matches[1].
'/';
429 if ( $this->collection_path == $this->path.
"/" ) {
431 dbg_error_log(
"caldav",
"Path is actually a (proxy) collection - sending Content-Location header." );
432 header(
"Content-Location: ".ConstructURL($this->path) );
435 else if ( $this->options[
'allow_by_email'] && preg_match(
'#^/(\S+@\S+[.]\S+)/?$#', $this->path) ) {
437 $this->collection_id = -1;
438 $this->collection_type =
'email';
439 $this->collection_path = $this->path;
440 $this->_is_principal =
true;
442 else if ( preg_match(
'#^(/[^/?]+)/?$#', $this->path, $matches) || preg_match(
'#^(/principals/[^/]+/[^/]+)/?$#', $this->path, $matches) ) {
443 $this->collection_id = -1;
444 $this->collection_path = $matches[1].
'/';
445 $this->collection_type =
'principal';
446 $this->_is_principal =
true;
447 if ( $this->collection_path == $this->path.
"/" ) {
449 dbg_error_log(
"caldav",
"Path is actually a collection - sending Content-Location header." );
450 header(
"Content-Location: ".ConstructURL($this->path) );
452 if ( preg_match(
'#^(/principals/[^/]+/[^/]+)/?$#', $this->path, $matches) ) {
457 else if ( $this->path ==
'/' ) {
458 $this->collection_id = -1;
459 $this->collection_path =
'/';
460 $this->collection_type =
'root';
463 if ( $this->collection_path == $this->path ) $this->_is_collection =
true;
464 dbg_error_log(
"caldav",
" Collection '%s' is %d, type %s", $this->collection_path, $this->collection_id, $this->collection_type );
469 $this->principal =
new DAVPrincipal( array(
"path" => $this->path,
"options" => $this->options ) );
470 $this->user_no = $this->principal->user_no();
471 $this->username = $this->principal->username();
472 $this->by_email = $this->principal->byEmail();
473 $this->principal_id = $this->principal->principal_id();
475 if ( $this->collection_type ==
'principal' || $this->collection_type ==
'email' || $this->collection_type ==
'proxy' ) {
476 $this->collection = $this->principal->AsCollection();
477 if( $this->collection_type ==
'proxy' ) {
478 $this->collection->is_proxy =
't';
479 $this->collection->type =
'proxy';
480 $this->collection->proxy_type = $this->proxy_type;
481 $this->collection->dav_displayname = sprintf(
'Proxy %s for %s', $this->proxy_type, $this->principal->username() );
484 elseif( $this->collection_type ==
'root' ) {
485 $this->collection = (object) array(
486 'collection_id' => 0,
488 'dav_etag' => md5($c->system_name),
489 'is_calendar' =>
'f',
490 'is_addressbook' =>
'f',
491 'is_principal' =>
'f',
493 'dav_displayname' => $c->system_name,
495 'created' => date(
'Ymd\THis')
509 if ( isset($this->content_type) && preg_match(
'#(application|text)/xml#', $this->content_type ) ) {
510 if ( !isset($this->raw_post) || $this->raw_post ==
'' ) {
511 $this->
XMLResponse( 400,
new XMLElement(
'error',
new XMLElement(
'missing-xml'), array(
'xmlns' =>
'DAV:') ) );
513 $xml_parser = xml_parser_create_ns(
'UTF-8');
514 $this->xml_tags = array();
515 xml_parser_set_option ( $xml_parser, XML_OPTION_SKIP_WHITE, 1 );
516 xml_parser_set_option ( $xml_parser, XML_OPTION_CASE_FOLDING, 0 );
517 $rc = xml_parse_into_struct( $xml_parser, $this->raw_post, $this->xml_tags );
518 if ( $rc ==
false ) {
519 dbg_error_log(
'ERROR',
'XML parsing error: %s at line %d, column %d',
520 xml_error_string(xml_get_error_code($xml_parser)),
521 xml_get_current_line_number($xml_parser), xml_get_current_column_number($xml_parser) );
522 $this->
XMLResponse( 400,
new XMLElement(
'error',
new XMLElement(
'invalid-xml'), array(
'xmlns' =>
'DAV:') ) );
524 xml_parser_free($xml_parser);
525 if ( count($this->xml_tags) ) {
526 dbg_error_log(
"caldav",
" Parsed incoming XML request body." );
529 $this->xml_tags =
null;
530 dbg_error_log(
"ERROR",
"Incoming request sent content-type XML with no XML request body." );
537 if ( isset($_SERVER[
"HTTP_IF_NONE_MATCH"]) ) {
538 $this->etag_none_match = $_SERVER[
"HTTP_IF_NONE_MATCH"];
539 if ( $this->etag_none_match ==
'' ) unset($this->etag_none_match);
541 if ( isset($_SERVER[
"HTTP_IF_MATCH"]) ) {
542 $this->etag_if_match = $_SERVER[
"HTTP_IF_MATCH"];
543 if ( $this->etag_if_match ==
'' ) unset($this->etag_if_match);
563 if ( $this->path ==
'/' || $this->path ==
'' ) {
564 $this->privileges = privilege_to_bits( array(
'read',
'read-free-busy',
'read-acl'));
565 dbg_error_log(
"caldav",
"Full read permissions for user accessing /" );
567 else if ( $session->AllowedTo(
"Admin") || $session->principal->user_no() == $this->user_no ) {
568 $this->privileges = privilege_to_bits(
'all');
569 dbg_error_log(
"caldav",
"Full permissions for %s", ( $session->principal->user_no() == $this->user_no ?
"user accessing their own hierarchy" :
"a systems administrator") );
572 $this->privileges = 0;
574 $this->privileges = privilege_to_bits(array(
'read',
'read-free-busy'));
575 dbg_error_log(
"caldav",
"Basic read permissions for user accessing a public collection" );
577 else if ( isset($c->public_freebusy_url) && $c->public_freebusy_url ) {
578 $this->privileges = privilege_to_bits(
'read-free-busy');
579 dbg_error_log(
"caldav",
"Basic free/busy permissions for user accessing a public free/busy URL" );
585 $params = array(
':session_principal_id' => $session->principal->principal_id(),
':scan_depth' => $c->permission_scan_depth );
586 if ( isset($this->by_email) && $this->by_email ) {
587 $sql =
'SELECT pprivs( :session_principal_id::int8, :request_principal_id::int8, :scan_depth::int ) AS perm';
588 $params[
':request_principal_id'] = $this->principal_id;
591 $sql =
'SELECT path_privs( :session_principal_id::int8, :request_path::text, :scan_depth::int ) AS perm';
592 $params[
':request_path'] = $this->path;
594 $qry =
new AwlQuery( $sql, $params );
595 if ( $qry->Exec(
'caldav',__LINE__,__FILE__) && $permission_result = $qry->Fetch() ) {
596 $perm = $permission_result->perm;
597 if (isset($perm)) $this->privileges |= bindec($permission_result->perm);
600 dbg_error_log(
'caldav',
'Restricted permissions for user accessing someone elses hierarchy: %s', decbin($this->privileges) );
601 if ( isset($this->ticket) && $this->ticket->MatchesPath($this->path) ) {
602 $this->privileges |= $this->ticket->privileges();
603 dbg_error_log(
'caldav',
'Applying permissions for ticket "%s" now: %s', $this->ticket->id(), decbin($this->privileges) );
608 $this->permissions = array();
609 $privs = bits_to_privilege($this->privileges);
610 foreach( $privs AS $k => $v ) {
612 case 'DAV::all': $type =
'abstract';
break;
613 case 'DAV::write': $type =
'aggregate';
break;
614 default: $type =
'real';
616 $v = str_replace(
'DAV::',
'', $v);
617 $this->permissions[$v] = $type;
631 if ( !isset($this->_locks_found) ) {
632 $this->_locks_found = array();
634 $sql =
'DELETE FROM locks WHERE (start + timeout) < current_timestamp';
635 $qry =
new AwlQuery($sql);
636 $qry->Exec(
'caldav',__LINE__,__FILE__);
641 $sql =
'SELECT * FROM locks WHERE :dav_name::text ~ (\'^\'||dav_name||:pattern_end_match)::text';
642 $qry =
new AwlQuery($sql, array(
':dav_name' => $this->path,
':pattern_end_match' => ($this->
IsInfiniteDepth() ?
'' :
'$') ) );
643 if ( $qry->Exec(
'caldav',__LINE__,__FILE__) ) {
644 while( $lock_row = $qry->Fetch() ) {
645 $this->_locks_found[$lock_row->opaquelocktoken] = $lock_row;
649 $this->
DoResponse(500,translate(
"Database Error"));
654 foreach( $this->_locks_found AS $lock_token => $lock_row ) {
655 if ( $lock_row->depth == DEPTH_INFINITY || $lock_row->dav_name == $this->path ) {
668 if ( isset($this->collection) && isset($this->collection->publicly_readable) && $this->collection->publicly_readable ==
't' ) {
675 private static function supportedPrivileges() {
678 'read' => translate(
'Read the content of a resource or collection'),
680 'bind' => translate(
'Create a resource or collection'),
681 'unbind' => translate(
'Delete a resource or collection'),
682 'write-content' => translate(
'Write content'),
683 'write-properties' => translate(
'Write properties')
685 'urn:ietf:params:xml:ns:caldav:read-free-busy' => translate(
'Read the free/busy information for a calendar collection'),
686 'read-acl' => translate(
'Read ACLs for a resource or collection'),
687 'read-current-user-privilege-set' => translate(
'Read the details of the current user\'s access control to this resource.'),
688 'write-acl' => translate(
'Write ACLs for a resource or collection'),
689 'unlock' => translate(
'Remove a lock'),
691 'urn:ietf:params:xml:ns:caldav:schedule-deliver' => array(
692 'urn:ietf:params:xml:ns:caldav:schedule-deliver-invite'=> translate(
'Deliver scheduling invitations from an organiser to this scheduling inbox'),
693 'urn:ietf:params:xml:ns:caldav:schedule-deliver-reply' => translate(
'Deliver scheduling replies from an attendee to this scheduling inbox'),
694 'urn:ietf:params:xml:ns:caldav:schedule-query-freebusy' => translate(
'Allow free/busy enquiries targeted at the owner of this scheduling inbox')
697 'urn:ietf:params:xml:ns:caldav:schedule-send' => array(
698 'urn:ietf:params:xml:ns:caldav:schedule-send-invite' => translate(
'Send scheduling invitations as an organiser from the owner of this scheduling outbox.'),
699 'urn:ietf:params:xml:ns:caldav:schedule-send-reply' => translate(
'Send scheduling replies as an attendee from the owner of this scheduling outbox.'),
700 'urn:ietf:params:xml:ns:caldav:schedule-send-freebusy' => translate(
'Send free/busy enquiries')
710 if ( isset($this->path) )
return $this->path;
729 if ( $this->depth == 0 && $for_collection_report )
return '[^/]+$';
730 if ( $this->depth == 0 )
return '$';
740 if ( isset($this->_locks_found) && isset($this->_locks_found[$lock_token]) ) {
741 return $this->_locks_found[$lock_token];
744 $qry =
new AwlQuery(
'SELECT * FROM locks WHERE opaquelocktoken = :lock_token', array(
':lock_token' => $lock_token ) );
745 if ( $qry->Exec(
'caldav',__LINE__,__FILE__) ) {
746 $lock_row = $qry->Fetch();
747 $this->_locks_found = array( $lock_token => $lock_row );
748 return $this->_locks_found[$lock_token];
751 $this->
DoResponse( 500, translate(
"Database Error") );
765 if ( isset($this->lock_token) && $this->lock_token == $lock_token ) {
766 dbg_error_log(
"caldav",
"They supplied a valid lock token. Great!" );
769 if ( isset($this->if_clause) ) {
770 dbg_error_log(
"caldav",
"Checking lock token '%s' against '%s'", $lock_token, $this->if_clause );
771 $tokens = preg_split(
'/[<>]/', $this->if_clause );
772 foreach( $tokens AS $k => $v ) {
773 dbg_error_log(
"caldav",
"Checking lock token '%s' against '%s'", $lock_token, $v );
774 if (
'opaquelocktoken:' == substr( $v, 0, 16 ) ) {
775 if ( substr( $v, 16 ) == $lock_token ) {
776 dbg_error_log(
"caldav",
"Lock token '%s' validated OK against '%s'", $lock_token, $v );
783 @dbg_error_log(
"caldav",
"Invalid lock token '%s' - not in Lock-token (%s) or If headers (%s) ", $lock_token, $this->lock_token, $this->if_clause );
796 if ( !isset($this->_locks_found) &&
false === $this->
IsLocked() )
return false;
797 if ( isset($this->_locks_found[$lock_token]) )
return $this->_locks_found[$lock_token];
810 if ( $existing_lock = $this->
IsLocked() ) {
811 dbg_error_log(
"caldav",
"There is a lock on '%s'", $this->path);
813 $lock_row = $this->
GetLockRow($existing_lock);
817 $response[] =
new XMLElement(
'response', array(
818 new XMLElement(
'href', $lock_row->dav_name ),
819 new XMLElement(
'status',
'HTTP/1.1 423 Resource Locked')
821 if ( $lock_row->dav_name != $this->path ) {
822 $response[] =
new XMLElement(
'response', array(
823 new XMLElement(
'href', $this->path ),
824 new XMLElement(
'propstat', array(
825 new XMLElement(
'prop',
new XMLElement(
'lockdiscovery' ) ),
826 new XMLElement(
'status',
'HTTP/1.1 424 Failed Dependency')
830 $response =
new XMLElement(
"multistatus", $response, array(
'xmlns'=>
'DAV:') );
831 $xmldoc = $response->Render(0,
'<?xml version="1.0" encoding="utf-8" ?>');
832 $this->
DoResponse( 207, $xmldoc,
'text/xml; charset="utf-8"' );
835 return $existing_lock;
845 if ( isset($this->content_type) ) {
846 $type = explode(
'/', $this->content_type, 2);
848 if ( $type[0] ==
'text' ) {
849 if ( !empty($type[1]) && ($type[1] ==
'vcard' || $type[1] ==
'calendar' || $type[1] ==
'x-vcard') ) {
856 $first_word = trim(substr( $this->raw_post, 0, 30));
857 $first_word = strtoupper( preg_replace(
'/\s.*/s',
'', $first_word ) );
858 switch( $first_word ) {
860 dbg_error_log(
'LOG WARNING',
'Application sent content-type of "%s" instead of "text/xml"',
861 (isset($this->content_type)?$this->content_type:
'(null)') );
862 $this->content_type =
'text/xml';
864 case 'BEGIN:VCALENDAR':
865 dbg_error_log(
'LOG WARNING',
'Application sent content-type of "%s" instead of "text/calendar"',
866 (isset($this->content_type)?$this->content_type:
'(null)') );
867 $this->content_type =
'text/calendar';
870 dbg_error_log(
'LOG WARNING',
'Application sent content-type of "%s" instead of "text/vcard"',
871 (isset($this->content_type)?$this->content_type:
'(null)') );
872 $this->content_type =
'text/vcard';
875 dbg_error_log(
'LOG NOTICE',
'Unusual content-type of "%s" and first word of content is "%s"',
876 (isset($this->content_type)?$this->content_type:
'(null)'), $first_word );
878 if ( empty($this->content_type) ) $this->content_type =
'text/plain';
886 if ( empty($this->prefer) )
return false;
887 foreach( $this->prefer AS $v ) {
888 if ( $v ==
'return=minimal' )
return true;
889 if ( $v ==
'return-minimal' )
return true;
898 if ( !isset($this->_is_collection) ) {
899 $this->_is_collection = preg_match(
'#/$#', $this->path );
901 return $this->_is_collection;
909 if ( !$this->
IsCollection() || !isset($this->collection) )
return false;
910 return $this->collection->is_calendar ==
't';
918 if ( !$this->
IsCollection() || !isset($this->collection) )
return false;
919 return $this->collection->is_addressbook ==
't';
927 if ( !isset($this->_is_principal) ) {
928 $this->_is_principal = preg_match(
'#^/[^/]+/$#', $this->path );
930 return $this->_is_principal;
938 if ( !isset($this->_is_proxy_request) ) {
939 $this->_is_proxy_request = preg_match(
'#^/[^/]+/calendar-proxy-(read|write)/?[^/]*$#', $this->path );
941 return $this->_is_proxy_request;
949 return ($this->depth == DEPTH_INFINITY);
966 if ( $privs ===
null ) $privs = self::supportedPrivileges();
967 foreach( $privs AS $k => $v ) {
968 dbg_error_log(
'caldav',
'Adding privilege "%s" which is "%s".', $k, $v );
969 $privilege =
new XMLElement(
'privilege');
970 $reply->NSElement($privilege,$k);
971 $privset = array($privilege);
972 if ( is_array($v) ) {
973 dbg_error_log(
'caldav',
'"%s" is a container of sub-privileges.', $k );
976 else if ( $v ==
'abstract' ) {
977 dbg_error_log(
'caldav',
'"%s" is an abstract privilege.', $v );
978 $privset[] =
new XMLElement(
'abstract');
980 else if ( strlen($v) > 1 ) {
981 $privset[] =
new XMLElement(
'description', $v);
983 $privileges[] =
new XMLElement(
'supported-privilege',$privset);
1004 dbg_error_log(
'caldav',
'Checking whether "%s" is allowed to "%s"', $session->principal->username(), $activity);
1005 if ( isset($this->permissions[
'all']) )
return true;
1006 switch( $activity ) {
1011 case "CALDAV:schedule-send-freebusy":
1012 return isset($this->permissions[
'read']) || isset($this->permissions[
'urn:ietf:params:xml:ns:caldav:read-free-busy']);
1015 case "CALDAV:schedule-send-invite":
1016 return isset($this->permissions[
'read']) || isset($this->permissions[
'urn:ietf:params:xml:ns:caldav:read-free-busy']);
1019 case "CALDAV:schedule-send-reply":
1020 return isset($this->permissions[
'read']) || isset($this->permissions[
'urn:ietf:params:xml:ns:caldav:read-free-busy']);
1024 return isset($this->permissions[
'read']) || isset($this->permissions[
'urn:ietf:params:xml:ns:caldav:read-free-busy']);
1028 return isset($this->permissions[
'write']) || isset($this->permissions[
'unbind']);
1032 return isset($this->permissions[
'write']) || isset($this->permissions[
'write-properties']);
1036 return isset($this->permissions[
'write']) || isset($this->permissions[
'write-content']);
1040 return isset($this->permissions[
'write']) || isset($this->permissions[
'bind']);
1045 if ( !isset($this->permissions[
'write']) || !isset($this->permissions[
'bind']) )
return false;
1046 if ( $this->is_principal )
return false;
1047 if ( $this->path ==
'/' )
return false;
1051 $test_bits = privilege_to_bits( $activity );
1055 return (($this->privileges & $test_bits) > 0 );
1082 if ( (isset($this->etag_if_match) && $this->etag_if_match !=
'') ) {
1089 $this->
PreconditionFailed(412,
'if-match', translate(
'No resource exists at the destination.'));
1094 if ( isset($c->strict_etag_checking) && $c->strict_etag_checking )
1095 $trim_chars =
'\'\\
" ';
1099 if ( isset($this->etag_if_match) && $this->etag_if_match != '' && $this->etag_if_match != '*'
1100 && trim( $this->etag_if_match, $trim_chars) != trim( $dest_etag, $trim_chars ) ) {
1107 $this->PreconditionFailed(412,'if-match',sprintf('Existing resource ETag of %s does not match %s', $dest_etag, $this->etag_if_match) );
1109 else if ( isset($this->etag_none_match) && $this->etag_none_match != ''
1110 && ($this->etag_none_match == $dest_etag || $this->etag_none_match == '*') ) {
1119 $this->PreconditionFailed(412,'if-none-match', translate( 'Existing resource matches "If-None-Match
" header - not accepted.'));
1129 function HavePrivilegeTo( $do_what ) {
1130 $test_bits = privilege_to_bits( $do_what );
1131// dbg_error_log( 'caldav', 'request::HavePrivilegeTo("%s
") [%s] against allowed "%s
" => "%s
" (%s)',
1132// (is_array($do_what) ? implode(',',$do_what) : $do_what), decbin($test_bits),
1133// decbin($this->privileges), ($this->privileges & $test_bits), decbin($this->privileges & $test_bits) );
1134 return ($this->privileges & $test_bits) > 0;
1142 function UnsupportedRequest( $unsupported ) {
1143 if ( isset($unsupported) && count($unsupported) > 0 ) {
1144 $badprops = new XMLElement( "prop
" );
1145 foreach( $unsupported AS $k => $v ) {
1146 // Not supported at this point...
1147 dbg_error_log("ERROR
", " %s: Support
for $v:$k properties is not implemented yet
", $this->method );
1148 $badprops->NewElement(strtolower($k),false,array("xmlns
" => strtolower($v)));
1150 $error = new XMLElement("error
", $badprops, array("xmlns
" => "DAV:
") );
1152 $this->XMLResponse( 422, $error );
1165 function NeedPrivilege( $privileges, $href=null ) {
1166 if ( is_string($privileges) ) $privileges = array( $privileges );
1167 if ( !isset($href) ) {
1168 if ( $this->HavePrivilegeTo($privileges) ) return;
1169 $href = $this->path;
1172 $reply = new XMLDocument( array('DAV:' => '') );
1173 $privnodes = array( $reply->href(ConstructURL($href)), new XMLElement( 'privilege' ) );
1174 // RFC3744 specifies that we can only respond with one needed privilege, so we pick the first.
1175 $reply->NSElement( $privnodes[1], $privileges[0] );
1176 $xml = new XMLElement( 'need-privileges', new XMLElement( 'resource', $privnodes) );
1177 $xmldoc = $reply->Render('error',$xml);
1178 $this->DoResponse( 403, $xmldoc, 'text/xml; charset="utf-8
"' );
1179 exit(0); // Unecessary, but might clarify things
1190 function PreconditionFailed( $status, $precondition, $explanation = '', $xmlns='DAV:') {
1191 $xmldoc = sprintf('<?xml version="1.0
" encoding="utf-8
" ?>
1194</error>', $xmlns, str_replace($xmlns.':', '', $precondition), $explanation );
1196 $this->DoResponse( $status, $xmldoc, 'text/xml; charset="utf-8
"' );
1197 exit(0); // Unecessary, but might clarify things
1206 function MalformedRequest( $text = 'Bad request' ) {
1207 $this->DoResponse( 400, $text );
1208 exit(0); // Unecessary, but might clarify things
1218 function XMLResponse( $status, $xmltree ) {
1219 $xmldoc = $xmltree->Render(0,'<?xml version="1.0
" encoding="utf-8
" ?>');
1220 $etag = md5($xmldoc);
1221 if ( !headers_sent() ) header("ETag: \
"$etag\"");
1222 $this->
DoResponse( $status, $xmldoc,
'text/xml; charset="utf-8"' );
1226 public static function kill_on_exit() {
1227 posix_kill( getmypid(), 28 );
1237 function DoResponse( $status, $message=
"", $content_type=
"text/plain; charset=\"utf-8\"" ) {
1238 global $session, $c;
1239 if ( !headers_sent() ) @header( sprintf(
"HTTP/1.1 %d %s", $status, getStatusMessage($status)) );
1240 if ( !headers_sent() ) @header( sprintf(
"X-DAViCal-Version: DAViCal/%d.%d.%d; DB/%d.%d.%d", $c->code_major, $c->code_minor, $c->code_patch, $c->schema_major, $c->schema_minor, $c->schema_patch) );
1241 if ( !headers_sent() ) header(
"Content-type: ".$content_type );
1243 if ( (isset($c->dbg[
'ALL']) && $c->dbg[
'ALL']) || (isset($c->dbg[
'response']) && $c->dbg[
'response'])
1244 || $status == 400 || $status == 402 || $status == 403 || $status > 404 ) {
1245 @dbg_error_log(
"LOG ",
'Response status %03d for %s %s', $status, $this->method, $_SERVER[
'REQUEST_URI'] );
1246 $lines = headers_list();
1247 dbg_error_log(
"LOG ",
"***************** Response Header ****************" );
1248 foreach( $lines AS $v ) {
1249 dbg_error_log(
"LOG headers",
"-->%s", $v );
1251 dbg_error_log(
"LOG",
"******************** Response ********************" );
1253 $lines = preg_split(
'#[\r\n]+#', $message);
1254 foreach( $lines AS $v ) {
1255 dbg_error_log(
"LOG response",
"-->%s", $v );
1259 $script_finish = microtime(
true);
1260 $script_time = $script_finish - $c->script_start_time;
1261 $message_length = strlen($message);
1262 if ( $message !=
'' ) {
1263 if ( !headers_sent() ) header(
"Content-Length: ".$message_length );
1267 if ( isset($c->dbg[
'caldav']) && $c->dbg[
'caldav'] ) {
1268 if ( $message_length > 100 || strstr($message,
"\n") ) {
1269 $message = substr( preg_replace(
"#\s+#m",
' ', $message ), 0, 100) . ($message_length > 100 ?
"..." :
"");
1272 dbg_error_log(
"caldav",
"Status: %d, Message: %s, User: %d, Path: %s", $status, $message, $session->principal->user_no(), $this->path);
1274 if ( isset($c->dbg[
'statistics']) && $c->dbg[
'statistics'] ) {
1276 if ( function_exists(
'memory_get_usage') ) {
1277 $memory = sprintf(
', Memory: %dk, Peak: %dk', memory_get_usage()/1024, memory_get_peak_usage(
true)/1024);
1279 @dbg_error_log(
"statistics",
"Method: %s, Status: %d, Script: %5.3lfs, Queries: %5.3lfs, URL: %s%s",
1280 $this->method, $status, $script_time, $c->total_query_time, $this->path, $memory);
1285 catch( Exception $ignored ) {}
1287 if ( isset($c->metrics_style) && $c->metrics_style !==
false ) {
1288 $flush_time = microtime(
true) - $script_finish;
1289 $this->
DoMetrics($status, $message_length, $script_time, $flush_time);
1292 if ( isset($c->exit_after_memory_exceeds) && function_exists(
'memory_get_peak_usage') && memory_get_peak_usage(
true) > $c->exit_after_memory_exceeds ) {
1293 @dbg_error_log(
"statistics",
"Peak memory use exceeds %d bytes (%d) - killing process %d", $c->exit_after_memory_exceeds, memory_get_peak_usage(
true), getmypid());
1294 register_shutdown_function(
'CalDAVRequest::kill_on_exit' );
1309 function DoMetrics($status, $response_size, $script_time, $flush_time) {
1311 static $ns =
'metrics';
1317 if ( $c->metrics_style !=
'counters' ) {
1318 $cache = getCacheInstance();
1319 if ( $cache->isActive() ) {
1322 $count_like_this = $cache->increment( $ns, $base_key.$status );
1323 $cache->increment( $ns, $base_key.
'size', $response_size );
1324 $cache->increment( $ns, $base_key.
'script_time', intval($script_time * 1000000) );
1325 $cache->increment( $ns, $base_key.
'flush_time', intval($flush_time * 1000000) );
1326 $cache->increment( $ns, $base_key.
'query_time', intval($c->total_query_time * 1000000) );
1328 if ( $count_like_this == 1 ) {
1333 $index = unserialize($cache->get($ns,
'index'));
1334 }
catch (Exception $e) {
1335 $index = array(
'methods' => array(),
'statuses' => array());
1337 $index[
'methods'][
$method] = 1;
1338 $index[
'statuses'][$status] = 1;
1339 $cache->set($ns,
'index', serialize($index), 0);
1343 error_log(
"Full statistics are only available with a working Memcache configuration");
1348 if ( $c->metrics_style !=
'memcache' ) {
1349 $qstring =
"SELECT nextval('%s')";
1369 $counter = strtolower($this->method);
1372 $counter =
'unknown';
1375 $qry =
new AwlQuery(
"SELECT nextval('metrics_count_" . $counter .
"')" );
1376 $qry->Exec(
'always',__LINE__,__FILE__);
GetLockDetails( $lock_token)
__construct( $options=array())
DepthRegexTail( $for_collection_report=false)
CheckEtagMatch( $exists, $dest_etag)
DoMetrics($status, $response_size, $script_time, $flush_time)
$current_user_principal_xml
ValidateLockToken( $lock_token)
XMLResponse( $status, $xmltree)
PreconditionFailed( $status, $precondition, $explanation='', $xmlns='DAV:')
BuildSupportedPrivileges(&$reply, $privs=null)
DoResponse( $status, $message="", $content_type="text/plain; charset=\"utf-8\"")