LupusNobilis
/
sogo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

(fix) handle broken CalDAV clients sending bogus SENT-BY (fixes #3992)

pull/234/head
Ludovic Marcotte 2017-03-03 08:47:59 -05:00
parent 018b7b7ab9
commit 79a0d5e133
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -8,6 +8,7 @@ Enhancements
-
Bug fixes
- [core] handle broken CalDAV clients sending bogus SENT-BY (#3992)
- [web] fixed ACL editor in admin module for Safari (#4036)
- [web] fixed function call when removing contact category (#4039)
- [web] localized mailbox names everywhere (#4040, #4041)

23
SoObjects/Appointments/SOGoAppointmentObject.m
View File

@ -1990,6 +1990,21 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent
return [super DELETEAction: _ctx];
}
//
// Let's check if our CalDAV client has sent us a broken SENT-BY. When Lightning is identity-aware,
// it'll stupidly send something like this:
// ORGANIZER;RSVP=TRUE;CN=John Doe;PARTSTAT=ACCEPTED;ROLE=CHAIR;SENT-BY="mail
// to:mailto:sogo3@example.com":mailto:sogo1@example.com
//
- (void) _fixupSentByForPerson: (iCalPerson *) person
{
NSString *sentBy;
sentBy = [person sentBy];
if ([sentBy hasPrefix: @"mailto:"])
[person setSentBy: [sentBy substringFromIndex: 7]];
}
//
// This method is meant to be the common point of any save operation from web
// and DAV requests, as well as from code making use of SOGo as a library
@ -2067,7 +2082,7 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent
// broken CalDAV client that aren't identity-aware will create the event in Annie's calendar
// and set Bob as the organizer. We fix this for them. See #3368 for details.
if (!userIsOrganizer &&
[[context activeUser] hasEmail: [[event organizer] rfc822Email]])
[[context activeUser] hasEmail: [[event organizer] rfc822Email]])
{
[[event organizer] setCn: [ownerUser cn]];
[[event organizer] setEmail: [[ownerUser allEmails] objectAtIndex: 0]];
@ -2080,6 +2095,8 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent
attendees = [event attendeesWithoutUser: ownerUser];
if ([attendees count])
{
[self _fixupSentByForPerson: [event organizer]];
if ((ex = [self _handleAddedUsers: attendees fromEvent: event force: YES]))
return ex;
else
@ -2224,7 +2241,7 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent
// broken CalDAV client that aren't identity-aware will create the event in Annie's calendar
// and set Bob as the organizer. We fix this for them. See #3368 for details.
if (!userIsOrganizer &&
[[context activeUser] hasEmail: [[newEvent organizer] rfc822Email]])
[[context activeUser] hasEmail: [[newEvent organizer] rfc822Email]])
{
[[newEvent organizer] setCn: [ownerUser cn]];
[[newEvent organizer] setEmail: [[ownerUser allEmails] objectAtIndex: 0]];
@ -2244,6 +2261,8 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent
// We check ACLs of the 'organizer' - in case someone forges the SENT-BY
NSString *uid;
[self _fixupSentByForPerson: [newEvent organizer]];
uid = [[oldEvent organizer] uidInContext: context];
if (uid && [[[context activeUser] login] caseInsensitiveCompare: uid] != NSOrderedSame)