diff options
Diffstat (limited to 'vendor/sabre/dav/lib/DAVACL')
-rw-r--r-- | vendor/sabre/dav/lib/DAVACL/Plugin.php | 2 | ||||
-rw-r--r-- | vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php | 54 |
2 files changed, 34 insertions, 22 deletions
diff --git a/vendor/sabre/dav/lib/DAVACL/Plugin.php b/vendor/sabre/dav/lib/DAVACL/Plugin.php index c1ea6027c..b9407472e 100644 --- a/vendor/sabre/dav/lib/DAVACL/Plugin.php +++ b/vendor/sabre/dav/lib/DAVACL/Plugin.php @@ -214,7 +214,7 @@ class Plugin extends DAV\ServerPlugin $this->server->httpRequest, $this->server->httpResponse ); - throw new notAuthenticated(implode(', ', $reasons).'. Login was needed for privilege: '.implode(', ', $failed).' on '.$uri); + throw new NotAuthenticated(implode(', ', $reasons).'. Login was needed for privilege: '.implode(', ', $failed).' on '.$uri); } if ($throwExceptions) { throw new NeedPrivileges($uri, $failed); diff --git a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php index 350ecb145..160d41447 100644 --- a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php +++ b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php @@ -301,34 +301,46 @@ class PDO extends AbstractBackend implements CreatePrincipalSupport */ public function findByUri($uri, $principalPrefix) { - $value = null; - $scheme = null; - list($scheme, $value) = explode(':', $uri, 2); - if (empty($value)) { + $uriParts = Uri\parse($uri); + + // Only two types of uri are supported : + // - the "mailto:" scheme with some non-empty address + // - a principals uri, in the form "principals/NAME" + // In both cases, `path` must not be empty. + if (empty($uriParts['path'])) { return null; } $uri = null; - switch ($scheme) { - case 'mailto': - $query = 'SELECT uri FROM '.$this->tableName.' WHERE lower(email)=lower(?)'; - $stmt = $this->pdo->prepare($query); - $stmt->execute([$value]); + if ('mailto' === $uriParts['scheme']) { + $query = 'SELECT uri FROM '.$this->tableName.' WHERE lower(email)=lower(?)'; + $stmt = $this->pdo->prepare($query); + $stmt->execute([$uriParts['path']]); - while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) { - // Checking if the principal is in the prefix - list($rowPrefix) = Uri\split($row['uri']); - if ($rowPrefix !== $principalPrefix) { - continue; - } + while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) { + // Checking if the principal is in the prefix + list($rowPrefix) = Uri\split($row['uri']); + if ($rowPrefix !== $principalPrefix) { + continue; + } - $uri = $row['uri']; - break; //Stop on first match + $uri = $row['uri']; + break; //Stop on first match + } + } else { + $pathParts = Uri\split($uriParts['path']); // We can do this since $uriParts['path'] is not null + + if (2 === count($pathParts) && $pathParts[0] === $principalPrefix) { + // Checking that this uri exists + $query = 'SELECT * FROM '.$this->tableName.' WHERE uri = ?'; + $stmt = $this->pdo->prepare($query); + $stmt->execute([$uriParts['path']]); + $rows = $stmt->fetchAll(); + + if (count($rows) > 0) { + $uri = $uriParts['path']; } - break; - default: - //unsupported uri scheme - return null; + } } return $uri; |