composer update sabre/dav

2 files changed, 34 insertions, 22 deletions

diff --git a/vendor/sabre/dav/lib/DAVACL/Plugin.php b/vendor/sabre/dav/lib/DAVACL/Plugin.php
index c1ea6027c..b9407472e 100644
--- a/vendor/sabre/dav/lib/DAVACL/Plugin.php
+++ b/vendor/sabre/dav/lib/DAVACL/Plugin.php
@@ -214,7 +214,7 @@ class Plugin extends DAV\ServerPlugin
                     $this->server->httpRequest,
                     $this->server->httpResponse
                 );
-                throw new notAuthenticated(implode(', ', $reasons).'. Login was needed for privilege: '.implode(', ', $failed).' on '.$uri);
+                throw new NotAuthenticated(implode(', ', $reasons).'. Login was needed for privilege: '.implode(', ', $failed).' on '.$uri);
             }
             if ($throwExceptions) {
                 throw new NeedPrivileges($uri, $failed);
diff --git a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
index 350ecb145..160d41447 100644
--- a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
+++ b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
@@ -301,34 +301,46 @@ class PDO extends AbstractBackend implements CreatePrincipalSupport
      */
     public function findByUri($uri, $principalPrefix)
     {
-        $value = null;
-        $scheme = null;
-        list($scheme, $value) = explode(':', $uri, 2);
-        if (empty($value)) {
+        $uriParts = Uri\parse($uri);
+
+        // Only two types of uri are supported :
+        //   - the "mailto:" scheme with some non-empty address
+        //   - a principals uri, in the form "principals/NAME"
+        // In both cases, `path` must not be empty.
+        if (empty($uriParts['path'])) {
             return null;
         }
 
         $uri = null;
-        switch ($scheme) {
-            case 'mailto':
-                $query = 'SELECT uri FROM '.$this->tableName.' WHERE lower(email)=lower(?)';
-                $stmt = $this->pdo->prepare($query);
-                $stmt->execute([$value]);
+        if ('mailto' === $uriParts['scheme']) {
+            $query = 'SELECT uri FROM '.$this->tableName.' WHERE lower(email)=lower(?)';
+            $stmt = $this->pdo->prepare($query);
+            $stmt->execute([$uriParts['path']]);
 
-                while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-                    // Checking if the principal is in the prefix
-                    list($rowPrefix) = Uri\split($row['uri']);
-                    if ($rowPrefix !== $principalPrefix) {
-                        continue;
-                    }
+            while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+                // Checking if the principal is in the prefix
+                list($rowPrefix) = Uri\split($row['uri']);
+                if ($rowPrefix !== $principalPrefix) {
+                    continue;
+                }
 
-                    $uri = $row['uri'];
-                    break; //Stop on first match
+                $uri = $row['uri'];
+                break; //Stop on first match
+            }
+        } else {
+            $pathParts = Uri\split($uriParts['path']); // We can do this since $uriParts['path'] is not null
+
+            if (2 === count($pathParts) && $pathParts[0] === $principalPrefix) {
+                // Checking that this uri exists
+                $query = 'SELECT * FROM '.$this->tableName.' WHERE uri = ?';
+                $stmt = $this->pdo->prepare($query);
+                $stmt->execute([$uriParts['path']]);
+                $rows = $stmt->fetchAll();
+
+                if (count($rows) > 0) {
+                    $uri = $uriParts['path'];
                 }
-                break;
-            default:
-                //unsupported uri scheme
-                return null;
+            }
         }
 
         return $uri;