aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Cdav.php41
-rw-r--r--Zotlabs/Module/Display.php51
2 files changed, 43 insertions, 49 deletions
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index fe697a526..a7d2b1169 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -135,7 +135,7 @@ class Cdav extends Controller {
$auth = new \Zotlabs\Storage\BasicAuth();
$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'CalDAV/CardDAV');
- if (local_channel()) {
+ if(local_channel()) {
logger('loggedin');
@@ -153,9 +153,9 @@ class Cdav extends Controller {
$auth->observer = $channel['channel_hash'];
$principalUri = 'principals/' . $channel['channel_address'];
- if(!cdav_principal($principalUri)) {
+ if(! cdav_principal($principalUri)) {
$this->activate($pdo, $channel);
- if(!cdav_principal($principalUri)) {
+ if(! cdav_principal($principalUri)) {
return;
}
}
@@ -168,21 +168,24 @@ class Cdav extends Controller {
if($httpmethod === 'PUT' || $httpmethod === 'DELETE') {
+ $channel = channelx_by_nick(argv(2));
+ $principalUri = 'principals/' . $channel['channel_address'];
$httpuri = $_SERVER['REQUEST_URI'];
logger("debug: method: " . $httpmethod, LOGGER_DEBUG);
logger("debug: uri: " . $httpuri, LOGGER_DEBUG);
- if(strpos($httpuri, 'cdav/addressbooks')) {
+ if(strpos($httpuri, 'cdav/addressbooks') !== false) {
$sync = 'addressbook';
$cdavtable = 'addressbooks';
}
- elseif(strpos($httpuri, 'cdav/calendars')) {
+ elseif(strpos($httpuri, 'cdav/calendars') !== false) {
$sync = 'calendar';
$cdavtable = 'calendarinstances';
}
- else
+ else {
$sync = false;
+ }
if($sync) {
@@ -191,14 +194,13 @@ class Cdav extends Controller {
logger("debug: body: " . $httpbody, LOGGER_DEBUG);
- if($x = get_cdav_id($principalUri, explode("/", $httpuri)[4], $cdavtable)) {
+ if($x = get_cdav_id($principalUri, argv(3), $cdavtable)) {
$cdavdata = $this->get_cdav_data($x['id'], $cdavtable);
-
$etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false);
// delete
- if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag)
+ if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) {
Libsync::build_sync_packet($channel['channel_id'], [
$sync => [
'action' => 'delete_card',
@@ -206,18 +208,18 @@ class Cdav extends Controller {
'carduri' => $uri
]
]);
+ }
else {
- if($etag) {
+ if($etag && $cdavdata['etag'] !== $etag) {
// update
- if($cdavdata['etag'] !== $etag)
- Libsync::build_sync_packet($channel['channel_id'], [
- $sync => [
- 'action' => 'update_card',
- 'uri' => $cdavdata['uri'],
- 'carduri' => $uri,
- 'card' => $httpbody
- ]
- ]);
+ Libsync::build_sync_packet($channel['channel_id'], [
+ $sync => [
+ 'action' => 'update_card',
+ 'uri' => $cdavdata['uri'],
+ 'carduri' => $uri,
+ 'card' => $httpbody
+ ]
+ ]);
}
else {
// new
@@ -235,7 +237,6 @@ class Cdav extends Controller {
}
}
-
$principalBackend = new \Sabre\DAVACL\PrincipalBackend\PDO($pdo);
$carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo);
$caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo);
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 15dfb0dc9..eb97e77a0 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -247,69 +247,62 @@ class Display extends \Zotlabs\Web\Controller {
if($noscript_content || $load) {
- $r = null;
-
require_once('include/channel.php');
$sys = get_sys_channel();
- $sysid = $sys['channel_id'];
+ // in case somebody turned off public access to sys channel content using permissions
+ // make that content unsearchable by ensuring the owner uid can't match
+ $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
+
+ $r = null;
if(local_channel()) {
- $r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal limit 1",
+ $r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1",
intval(local_channel()),
dbesc($target_item['parent_mid'])
);
}
- if($r === null) {
- // in case somebody turned off public access to sys channel content using permissions
- // make that content unsearchable by ensuring the owner uid can't match
-
- if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
- $sysid = 0;
-
- $r = q("SELECT item.id as item_id from item
+ if(!$r) {
+ $r = q("SELECT item.id AS item_id FROM item
WHERE ((mid = '%s'
- AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
+ AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
- and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+ AND uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR uid = %d ))) OR
(mid = '%s' $sql_extra ))
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
- intval($sysid),
+ intval($sys_id),
dbesc($target_item['parent_mid'])
);
}
}
elseif($update && !$load) {
- $r = null;
-
require_once('include/channel.php');
$sys = get_sys_channel();
- $sysid = $sys['channel_id'];
+ // in case somebody turned off public access to sys channel content using permissions
+ // make that content unsearchable by ensuring the owner uid can't match
+ $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
+
+ $r = null;
if(local_channel()) {
$r = q("SELECT item.parent AS item_id from item
WHERE uid = %d
- and parent_mid = '%s'
+ AND parent_mid = '%s'
$item_normal_update
$simple_update
- limit 1",
+ LIMIT 1",
intval(local_channel()),
dbesc($target_item['parent_mid'])
);
}
- if($r === null) {
- // in case somebody turned off public access to sys channel content using permissions
- // make that content unsearchable by ensuring the owner_xchan can't match
-
- if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
- $sysid = 0;
+ if(! $r) {
$r = q("SELECT item.id as item_id from item
WHERE ((parent_mid = '%s'
- AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
+ AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR uid = %d ))) OR
@@ -317,14 +310,14 @@ class Display extends \Zotlabs\Web\Controller {
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
- intval($sysid),
+ intval($sys_id),
dbesc($target_item['parent_mid'])
);
}
}
else {
- $r = array();
+ $r = [];
}
if($r) {