diff options
| author | Richard Steinmetz <richard@steinmetz.cloud> | 2024-06-04 15:58:39 +0200 |
|---|---|---|
| committer | Richard Steinmetz <richard@steinmetz.cloud> | 2024-07-22 15:24:39 +0200 |
| commit | cbea7872333974bae8868e7553c06595e5d3d02d (patch) | |
| tree | cacaa36b654f989903e300d379388df078d14674 /apps/dav/lib/CalDAV/Schedule | |
| parent | 1768bd628052cf3b9db7cb3c1dbee7313ee24c16 (diff) | |
| download | nextcloud-server-cbea7872333974bae8868e7553c06595e5d3d02d.tar.gz nextcloud-server-cbea7872333974bae8868e7553c06595e5d3d02d.zip | |
fix(caldav): stricter default calendar checks
Reject calendars that
- are subscriptions
- are not writable
- are shared with a user
- are deleted
- don't support VEVENTs
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'apps/dav/lib/CalDAV/Schedule')
| -rw-r--r-- | apps/dav/lib/CalDAV/Schedule/Plugin.php | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/apps/dav/lib/CalDAV/Schedule/Plugin.php b/apps/dav/lib/CalDAV/Schedule/Plugin.php index 897901a61a4..5496fb23a96 100644 --- a/apps/dav/lib/CalDAV/Schedule/Plugin.php +++ b/apps/dav/lib/CalDAV/Schedule/Plugin.php @@ -9,11 +9,13 @@ use DateTimeZone; use OCA\DAV\CalDAV\CalDavBackend; use OCA\DAV\CalDAV\Calendar; use OCA\DAV\CalDAV\CalendarHome; +use OCA\DAV\CalDAV\DefaultCalendarValidator; use OCP\IConfig; use Psr\Log\LoggerInterface; use Sabre\CalDAV\ICalendar; use Sabre\CalDAV\ICalendarObject; use Sabre\CalDAV\Schedule\ISchedulingObject; +use Sabre\DAV\Exception as DavException; use Sabre\DAV\INode; use Sabre\DAV\IProperties; use Sabre\DAV\PropFind; @@ -51,13 +53,15 @@ class Plugin extends \Sabre\CalDAV\Schedule\Plugin { public const CALENDAR_USER_TYPE = '{' . self::NS_CALDAV . '}calendar-user-type'; public const SCHEDULE_DEFAULT_CALENDAR_URL = '{' . Plugin::NS_CALDAV . '}schedule-default-calendar-URL'; private LoggerInterface $logger; + private DefaultCalendarValidator $defaultCalendarValidator; /** * @param IConfig $config */ - public function __construct(IConfig $config, LoggerInterface $logger) { + public function __construct(IConfig $config, LoggerInterface $logger, DefaultCalendarValidator $defaultCalendarValidator) { $this->config = $config; $this->logger = $logger; + $this->defaultCalendarValidator = $defaultCalendarValidator; } /** @@ -360,11 +364,20 @@ EOF; * - isn't a calendar subscription * - user can write to it (no virtual/3rd-party calendars) * - calendar isn't a share + * - calendar supports VEVENTs */ foreach ($calendarHome->getChildren() as $node) { - if ($node instanceof Calendar && !$node->isSubscription() && $node->canWrite() && !$node->isShared() && !$node->isDeleted()) { - $userCalendars[] = $node; + if (!($node instanceof Calendar)) { + continue; } + + try { + $this->defaultCalendarValidator->validateScheduleDefaultCalendar($node); + } catch (DavException $e) { + continue; + } + + $userCalendars[] = $node; } if (count($userCalendars) > 0) { |