diff options
Diffstat (limited to 'www/davical')
| -rw-r--r-- | www/davical/Makefile | 3 | ||||
| -rw-r--r-- | www/davical/files/patch-caldav-ACL.php | 85 | ||||
| -rw-r--r-- | www/davical/files/patch-principal-edit.php | 27 |
3 files changed, 114 insertions, 1 deletions
diff --git a/www/davical/Makefile b/www/davical/Makefile index 148a9b6d5b41..43d48acda575 100644 --- a/www/davical/Makefile +++ b/www/davical/Makefile @@ -1,10 +1,11 @@ PORTNAME= davical DISTVERSIONPREFIX= r DISTVERSION= 1.1.12 +PORTREVISION= 1 CATEGORIES?= www PKGNAMESUFFIX= ${PHP_PKGNAMESUFFIX} -MAINTAINER= ports@FreeBSD.org +MAINTAINER= dinoex@FreeBSD.org COMMENT= Simple CalDAV server using a postgres backend WWW= https://www.davical.org/ diff --git a/www/davical/files/patch-caldav-ACL.php b/www/davical/files/patch-caldav-ACL.php new file mode 100644 index 000000000000..1f4ae0bf13e4 --- /dev/null +++ b/www/davical/files/patch-caldav-ACL.php @@ -0,0 +1,85 @@ +commit effc00474111bf5dff1297dd3c6811c1fdf6b6ca +Author: Florian Schlichting <fsfs@debian.org> +Date: Thu Mar 23 22:14:41 2023 +0100 + + use "." to concatenate strings, not "+" (fixes #288) + + Unsupported operand types: string + string at /usr/share/davical/inc/caldav-ACL.php:146 + +diff --git a/inc/caldav-ACL.php b/inc/caldav-ACL.php +index 861d4389..cb0fa213 100644 +--- inc/caldav-ACL.php.orig ++++ inc/caldav-ACL.php +@@ -143,7 +143,7 @@ function process_ace( $grantor, $by_principal, $by_collection, $ace ) { + $grantee = new DAVResource( DeconstructURL($principal_content->GetContent()) ); + $grantee_id = $grantee->getProperty('principal_id'); + if ( !$grantee->Exists() || !$grantee->IsPrincipal() ) +- $request->PreconditionFailed(403,'recognized-principal', 'Principal "' + $principal_content->GetContent() + '" not found.'); ++ $request->PreconditionFailed(403,'recognized-principal', 'Principal "' . $principal_content->GetContent() . '" not found.'); + $sqlparms = array( ':to_principal' => $grantee_id); + $where = 'WHERE to_principal=:to_principal AND '; + if ( isset($by_principal) ) { +diff --git a/testing/tests/regression-suite/0946-ACL-err.result b/testing/tests/regression-suite/0946-ACL-err.result +new file mode 100644 +index 00000000..c0ad5ef7 +--- /dev/null ++++ testing/tests/regression-suite/0946-ACL-err.result +@@ -0,0 +1,11 @@ ++HTTP/1.1 403 Forbidden
++Date: Dow, 01 Jan 2000 00:00:00 GMT
++DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule
++DAV: extended-mkcol, bind, addressbook, calendar-auto-schedule, calendar-proxy
++Content-Length: 137
++Content-Type: text/xml; charset="utf-8"
++
++<?xml version="1.0" encoding="utf-8" ?> ++<error xmlns="DAV:"> ++ <recognized-principal/>Principal "/caldav.php/user40/" not found. ++</error> +diff --git a/testing/tests/regression-suite/0946-ACL-err.test b/testing/tests/regression-suite/0946-ACL-err.test +new file mode 100644 +index 00000000..945f3a13 +--- /dev/null ++++ testing/tests/regression-suite/0946-ACL-err.test +@@ -0,0 +1,41 @@ ++# ++# ACL setting default privileges on a collection to nothing, and ++# specific privileges to include read-acl. ++# ++TYPE=ACL ++URL=http://regression.host/caldav.php/user1/home/ ++HEADER=User-Agent: RFC3744 Spec Tests ++HEADER=Content-Type: text/xml; charset="UTF-8" ++HEAD ++ ++ ++BEGINDATA ++<?xml version="1.0" encoding="utf-8" ?> ++<acl xmlns="DAV:" xmlns:CalDAV="urn:ietf:params:xml:ns:caldav"> ++ <ace> ++ <principal> ++ <href>/caldav.php/user40/</href> ++ </principal> ++ <grant> ++ <privilege><read/></privilege> ++ <privilege><read-acl/></privilege> ++ <privilege><read-current-user-privilege-set/></privilege> ++ <privilege><CalDAV:read-free-busy/></privilege> ++ </grant> ++ </ace> ++ <ace> ++ <principal><authenticated/></principal> ++ <grant> ++ <privilege/> ++ </grant> ++ </ace> ++</acl> ++ENDDATA ++ ++QUERY ++SELECT by_principal, by_collection, privileges, p_to.displayname, to_principal ++ FROM grants JOIN dav_principal p_to ON (to_principal=principal_id) ++ LEFT JOIN collection ON (by_collection=collection.collection_id) ++ WHERE collection.dav_name = '/user1/home/' ++ENDQUERY ++ diff --git a/www/davical/files/patch-principal-edit.php b/www/davical/files/patch-principal-edit.php new file mode 100644 index 000000000000..361be905cb0e --- /dev/null +++ b/www/davical/files/patch-principal-edit.php @@ -0,0 +1,27 @@ +commit e8f3a3e6f2c27e78c2778e0040b385b430dfc9fc +Author: Andrew Ruthven <puck@catalystcloud.nz> +Date: Sun Apr 30 12:13:37 2023 +1200 + + Add a missing space to a SQL statement to fix adding groups. + + It looks to me like this bug has been present since 2011. + + Closes: #294 + +diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php +index 603fd1e1..df975e22 100644 +--- inc/ui/principal-edit.php.orig ++++ inc/ui/principal-edit.php +@@ -495,9 +495,9 @@ function group_memberships_browser() { + function group_row_editor() { + global $c, $id, $editor, $can_write_principal; + $grouprow = new Editor("Group Members", "group_member"); +- $sql = 'SELECT principal_id, coalesce(displayname,fullname,username) FROM dav_principal '; +- $sql .= 'WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.') '; +- $sql .= 'AND principal_id != '.$id; ++ $sql = 'SELECT principal_id, coalesce(displayname, fullname, username) FROM dav_principal '; ++ $sql .= 'WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = ' . $id . ') '; ++ $sql .= 'AND principal_id != ' . $id . ' '; + $sql .= 'ORDER BY 2'; + $grouprow->SetLookup( 'member_id', $sql); + $grouprow->SetSubmitName( 'savegrouprow' ); |