composer update sabre/dav

7 files changed, 86 insertions, 37 deletions

diff --git a/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php b/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php
index 003dc1392..da601fad8 100644
--- a/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php
+++ b/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php
@@ -874,6 +874,8 @@ WHERE
     calendar_instances.principaluri = ?
     AND
     calendarobjects.uid = ?
+    AND
+    calendar_instances.access = 1
 SQL;
 
         $stmt = $this->pdo->prepare($query);
@@ -1286,13 +1288,18 @@ SQL;
     /**
      * Creates a new scheduling object. This should land in a users' inbox.
      *
-     * @param string $principalUri
-     * @param string $objectUri
-     * @param string $objectData
+     * @param string          $principalUri
+     * @param string          $objectUri
+     * @param string|resource $objectData
      */
     public function createSchedulingObject($principalUri, $objectUri, $objectData)
     {
         $stmt = $this->pdo->prepare('INSERT INTO '.$this->schedulingObjectTableName.' (principaluri, calendardata, uri, lastmodified, etag, size) VALUES (?, ?, ?, ?, ?, ?)');
+
+        if (is_resource($objectData)) {
+            $objectData = stream_get_contents($objectData);
+        }
+
         $stmt->execute([$principalUri, $objectData, $objectUri, time(), md5($objectData), strlen($objectData)]);
     }
 
diff --git a/vendor/sabre/dav/lib/CalDAV/Backend/SchedulingSupport.php b/vendor/sabre/dav/lib/CalDAV/Backend/SchedulingSupport.php
index 7986d8c33..69467e554 100644
--- a/vendor/sabre/dav/lib/CalDAV/Backend/SchedulingSupport.php
+++ b/vendor/sabre/dav/lib/CalDAV/Backend/SchedulingSupport.php
@@ -58,9 +58,9 @@ interface SchedulingSupport extends BackendInterface
     /**
      * Creates a new scheduling object. This should land in a users' inbox.
      *
-     * @param string $principalUri
-     * @param string $objectUri
-     * @param string $objectData
+     * @param string          $principalUri
+     * @param string          $objectUri
+     * @param string|resource $objectData
      */
     public function createSchedulingObject($principalUri, $objectUri, $objectData);
 }
diff --git a/vendor/sabre/dav/lib/DAV/Browser/GuessContentType.php b/vendor/sabre/dav/lib/DAV/Browser/GuessContentType.php
index 7466babb3..b07103db9 100644
--- a/vendor/sabre/dav/lib/DAV/Browser/GuessContentType.php
+++ b/vendor/sabre/dav/lib/DAV/Browser/GuessContentType.php
@@ -85,10 +85,12 @@ class GuessContentType extends DAV\ServerPlugin
      */
     protected function getContentType($fileName)
     {
-        // Just grabbing the extension
-        $extension = strtolower(substr($fileName, strrpos($fileName, '.') + 1));
-        if (isset($this->extensionMap[$extension])) {
-            return $this->extensionMap[$extension];
+        if (null !== $fileName) {
+            // Just grabbing the extension
+            $extension = strtolower(substr($fileName, strrpos($fileName, '.') + 1));
+            if (isset($this->extensionMap[$extension])) {
+                return $this->extensionMap[$extension];
+            }
         }
 
         return 'application/octet-stream';
diff --git a/vendor/sabre/dav/lib/DAV/Server.php b/vendor/sabre/dav/lib/DAV/Server.php
index 09760e9d1..69b3bb3f2 100644
--- a/vendor/sabre/dav/lib/DAV/Server.php
+++ b/vendor/sabre/dav/lib/DAV/Server.php
@@ -14,6 +14,7 @@ use Sabre\HTTP;
 use Sabre\HTTP\RequestInterface;
 use Sabre\HTTP\ResponseInterface;
 use Sabre\Uri;
+use Sabre\Xml\Writer;
 
 /**
  * Main DAV server class.
@@ -185,6 +186,15 @@ class Server implements LoggerAwareInterface, EmitterInterface
     public static $exposeVersion = true;
 
     /**
+     * If this setting is turned on, any multi status response on any PROPFIND will be streamed to the output buffer.
+     * This will be beneficial for large result sets which will no longer consume a large amount of memory as well as
+     * send back data to the client earlier.
+     *
+     * @var bool
+     */
+    public static $streamMultiStatus = false;
+
+    /**
      * Sets up the server.
      *
      * If a Sabre\DAV\Tree object is passed as an argument, it will
@@ -1628,19 +1638,38 @@ class Server implements LoggerAwareInterface, EmitterInterface
     // {{{ XML Readers & Writers
 
     /**
-     * Generates a WebDAV propfind response body based on a list of nodes.
+     * Returns a callback generating a WebDAV propfind response body based on a list of nodes.
      *
      * If 'strip404s' is set to true, all 404 responses will be removed.
      *
      * @param array|\Traversable $fileProperties The list with nodes
      * @param bool               $strip404s
      *
-     * @return string
+     * @return callable|string
      */
     public function generateMultiStatus($fileProperties, $strip404s = false)
     {
         $w = $this->xml->getWriter();
+        if (self::$streamMultiStatus) {
+            return function () use ($fileProperties, $strip404s, $w) {
+                $w->openUri('php://output');
+                $this->writeMultiStatus($w, $fileProperties, $strip404s);
+                $w->flush();
+            };
+        }
         $w->openMemory();
+        $this->writeMultiStatus($w, $fileProperties, $strip404s);
+
+        return $w->outputMemory();
+    }
+
+    /**
+     * @param Writer $w
+     * @param $fileProperties
+     * @param bool $strip404s
+     */
+    private function writeMultiStatus(Writer $w, $fileProperties, bool $strip404s)
+    {
         $w->contextUri = $this->baseUri;
         $w->startDocument();
 
@@ -1662,7 +1691,6 @@ class Server implements LoggerAwareInterface, EmitterInterface
             ]);
         }
         $w->endElement();
-
-        return $w->outputMemory();
+        $w->endDocument();
     }
 }
diff --git a/vendor/sabre/dav/lib/DAV/Version.php b/vendor/sabre/dav/lib/DAV/Version.php
index c00255881..bb48768a9 100644
--- a/vendor/sabre/dav/lib/DAV/Version.php
+++ b/vendor/sabre/dav/lib/DAV/Version.php
@@ -16,5 +16,5 @@ class Version
     /**
      * Full version number.
      */
-    const VERSION = '4.0.2';
+    const VERSION = '4.0.3';
 }
diff --git a/vendor/sabre/dav/lib/DAVACL/Plugin.php b/vendor/sabre/dav/lib/DAVACL/Plugin.php
index c1ea6027c..b9407472e 100644
--- a/vendor/sabre/dav/lib/DAVACL/Plugin.php
+++ b/vendor/sabre/dav/lib/DAVACL/Plugin.php
@@ -214,7 +214,7 @@ class Plugin extends DAV\ServerPlugin
                     $this->server->httpRequest,
                     $this->server->httpResponse
                 );
-                throw new notAuthenticated(implode(', ', $reasons).'. Login was needed for privilege: '.implode(', ', $failed).' on '.$uri);
+                throw new NotAuthenticated(implode(', ', $reasons).'. Login was needed for privilege: '.implode(', ', $failed).' on '.$uri);
             }
             if ($throwExceptions) {
                 throw new NeedPrivileges($uri, $failed);
diff --git a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
index 350ecb145..160d41447 100644
--- a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
+++ b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
@@ -301,34 +301,46 @@ class PDO extends AbstractBackend implements CreatePrincipalSupport
      */
     public function findByUri($uri, $principalPrefix)
     {
-        $value = null;
-        $scheme = null;
-        list($scheme, $value) = explode(':', $uri, 2);
-        if (empty($value)) {
+        $uriParts = Uri\parse($uri);
+
+        // Only two types of uri are supported :
+        //   - the "mailto:" scheme with some non-empty address
+        //   - a principals uri, in the form "principals/NAME"
+        // In both cases, `path` must not be empty.
+        if (empty($uriParts['path'])) {
             return null;
         }
 
         $uri = null;
-        switch ($scheme) {
-            case 'mailto':
-                $query = 'SELECT uri FROM '.$this->tableName.' WHERE lower(email)=lower(?)';
-                $stmt = $this->pdo->prepare($query);
-                $stmt->execute([$value]);
+        if ('mailto' === $uriParts['scheme']) {
+            $query = 'SELECT uri FROM '.$this->tableName.' WHERE lower(email)=lower(?)';
+            $stmt = $this->pdo->prepare($query);
+            $stmt->execute([$uriParts['path']]);
 
-                while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-                    // Checking if the principal is in the prefix
-                    list($rowPrefix) = Uri\split($row['uri']);
-                    if ($rowPrefix !== $principalPrefix) {
-                        continue;
-                    }
+            while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+                // Checking if the principal is in the prefix
+                list($rowPrefix) = Uri\split($row['uri']);
+                if ($rowPrefix !== $principalPrefix) {
+                    continue;
+                }
 
-                    $uri = $row['uri'];
-                    break; //Stop on first match
+                $uri = $row['uri'];
+                break; //Stop on first match
+            }
+        } else {
+            $pathParts = Uri\split($uriParts['path']); // We can do this since $uriParts['path'] is not null
+
+            if (2 === count($pathParts) && $pathParts[0] === $principalPrefix) {
+                // Checking that this uri exists
+                $query = 'SELECT * FROM '.$this->tableName.' WHERE uri = ?';
+                $stmt = $this->pdo->prepare($query);
+                $stmt->execute([$uriParts['path']]);
+                $rows = $stmt->fetchAll();
+
+                if (count($rows) > 0) {
+                    $uri = $uriParts['path'];
                 }
-                break;
-            default:
-                //unsupported uri scheme
-                return null;
+            }
         }
 
         return $uri;