Add check for vCard uid

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
author: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> 2018-11-03 19:03:32 +0100
committer: Joas Schilling <coding@schilljs.com> 2018-11-05 12:49:39 +0100
commit: b6d8c5ff2fa8602ea3ce622097350c9b28fee628 (patch)
tree: b0c176226a7e863edcc5b1014a6da2525f53478f /apps
parent: cba3883410f958305673f75950c5b6227c571f16 (diff)
download: nextcloud-server-b6d8c5ff2fa8602ea3ce622097350c9b28fee628.tar.gz
nextcloud-server-b6d8c5ff2fa8602ea3ce622097350c9b28fee628.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/apps/dav/lib/CardDAV/CardDavBackend.php b/apps/dav/lib/CardDAV/CardDavBackend.php
index a8907f631cd..eb94885d177 100644
--- a/apps/dav/lib/CardDAV/CardDavBackend.php
+++ b/apps/dav/lib/CardDAV/CardDavBackend.php
@@ -611,6 +611,19 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 		$etag = md5($cardData);
 		$uid = $this->getUID($cardData);
 
+		$q = $this->db->getQueryBuilder();
+		$q->select('uid')
+			->from('cards')
+			->where($q->expr()->eq('addressbookid', $q->createNamedParameter($addressBookId)))
+			->andWhere($q->expr()->eq('uid', $q->createNamedParameter($uid)))
+			->setMaxResults(1);
+		$result = $q->execute();
+		$count = (bool) $result->fetchColumn();
+		$result->closeCursor();
+		if ($count) {
+			throw new \Sabre\DAV\Exception\BadRequest('VCard object with uid already exists in this addressbook collection.');
+		}
+
 		$query = $this->db->getQueryBuilder();
 		$query->insert('cards')
 			->values([
author	John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2018-11-03 19:03:32 +0100
committer	Joas Schilling <coding@schilljs.com>	2018-11-05 12:49:39 +0100
commit	b6d8c5ff2fa8602ea3ce622097350c9b28fee628 (patch)
tree	b0c176226a7e863edcc5b1014a6da2525f53478f /apps
parent	cba3883410f958305673f75950c5b6227c571f16 (diff)
download	nextcloud-server-b6d8c5ff2fa8602ea3ce622097350c9b28fee628.tar.gz nextcloud-server-b6d8c5ff2fa8602ea3ce622097350c9b28fee628.zip