From 79a0d5e1337793c40feb499aa61aa29400b782f4 Mon Sep 17 00:00:00 2001 From: Ludovic Marcotte Date: Fri, 3 Mar 2017 08:47:59 -0500 Subject: [PATCH] (fix) handle broken CalDAV clients sending bogus SENT-BY (fixes #3992) --- NEWS | 1 + .../Appointments/SOGoAppointmentObject.m | 23 +++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 5d1fcda9f..49efd029f 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ Enhancements - Bug fixes + - [core] handle broken CalDAV clients sending bogus SENT-BY (#3992) - [web] fixed ACL editor in admin module for Safari (#4036) - [web] fixed function call when removing contact category (#4039) - [web] localized mailbox names everywhere (#4040, #4041) diff --git a/SoObjects/Appointments/SOGoAppointmentObject.m b/SoObjects/Appointments/SOGoAppointmentObject.m index 32a8105ab..409fc4c12 100644 --- a/SoObjects/Appointments/SOGoAppointmentObject.m +++ b/SoObjects/Appointments/SOGoAppointmentObject.m @@ -1990,6 +1990,21 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent return [super DELETEAction: _ctx]; } +// +// Let's check if our CalDAV client has sent us a broken SENT-BY. When Lightning is identity-aware, +// it'll stupidly send something like this: +// ORGANIZER;RSVP=TRUE;CN=John Doe;PARTSTAT=ACCEPTED;ROLE=CHAIR;SENT-BY="mail +// to:mailto:sogo3@example.com":mailto:sogo1@example.com +// +- (void) _fixupSentByForPerson: (iCalPerson *) person +{ + NSString *sentBy; + + sentBy = [person sentBy]; + if ([sentBy hasPrefix: @"mailto:"]) + [person setSentBy: [sentBy substringFromIndex: 7]]; +} + // // This method is meant to be the common point of any save operation from web // and DAV requests, as well as from code making use of SOGo as a library @@ -2067,7 +2082,7 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent // broken CalDAV client that aren't identity-aware will create the event in Annie's calendar // and set Bob as the organizer. We fix this for them. See #3368 for details. if (!userIsOrganizer && - [[context activeUser] hasEmail: [[event organizer] rfc822Email]]) + [[context activeUser] hasEmail: [[event organizer] rfc822Email]]) { [[event organizer] setCn: [ownerUser cn]]; [[event organizer] setEmail: [[ownerUser allEmails] objectAtIndex: 0]]; @@ -2080,6 +2095,8 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent attendees = [event attendeesWithoutUser: ownerUser]; if ([attendees count]) { + [self _fixupSentByForPerson: [event organizer]]; + if ((ex = [self _handleAddedUsers: attendees fromEvent: event force: YES])) return ex; else @@ -2224,7 +2241,7 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent // broken CalDAV client that aren't identity-aware will create the event in Annie's calendar // and set Bob as the organizer. We fix this for them. See #3368 for details. if (!userIsOrganizer && - [[context activeUser] hasEmail: [[newEvent organizer] rfc822Email]]) + [[context activeUser] hasEmail: [[newEvent organizer] rfc822Email]]) { [[newEvent organizer] setCn: [ownerUser cn]]; [[newEvent organizer] setEmail: [[ownerUser allEmails] objectAtIndex: 0]]; @@ -2244,6 +2261,8 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent // We check ACLs of the 'organizer' - in case someone forges the SENT-BY NSString *uid; + [self _fixupSentByForPerson: [newEvent organizer]]; + uid = [[oldEvent organizer] uidInContext: context]; if (uid && [[[context activeUser] login] caseInsensitiveCompare: uid] != NSOrderedSame)