This is a security issue that allowed a user to read the number
of messages and its subjects when it does not have any permission to read.
Now the user cannot see other's folder without asking for me to the owner.
Instead of asking general container. This gives the possibility to
perform the deletion depending on the data from the message, for instance,
the user creator.
As specified by [MS-OXCPERM] Section 3.2.5.2, the ModifyPermissions ROP
is only possible to users which have this right.
After this changeset, we check the active user can modify permission
list. This is a security fix.
Instead of using the connected active user.
Although this provides no changes in the result, it could be depending
on changes from the backend so it'd better have it accurated to what
the OpenChange DB API offers.
Instead of using connected active user because the fmids are related
to the root folder (context) owner. This avoids returning back incorrect
identifiers which mostly collide with already associated URLs.
This specifies a little the scope of the variable to make it
more realistic with the actual values it may have. We do have
a static typed compiled language, why don't we use it?
Instead of keeping only the highest access roles. This reverts
2c678101 to fix handling of ACLs with multiple groups.
This is done because OpenChange library stores other roles/permissions
in the ACLs that have limited scope to the MAPI protocol and it
maintains an homogeneous returned data with other folders by returning
the actual data is stored in the DB.
By sorting the roles, we give the ability to callers to validate
permissions more efficiency (less loops) and keep the right highest
access level. As an example, check
[SOGoApppointmentFolder:roleForComponentsWithAccessClass:forUser]
for details.
Using LDAP as source, the group entry must have a valid
group objectClass such as posixGroup or group and have a
valid UIDField which does not include the domain.
With this changeset, SOGo is aware of these groups when it has
an email and you can share a component such as a calendar with
the member of the group.
In RTF is possible to specify characters with the sequence \'XX being
XX an hexadecimal number.
With this changeset we guard against incorrect hexadecimal numbers which
will be ignored.
The other change added is to ignore carriadge returns in plain text.
In _getElement which match many properties and in both
PidLidAddressBookProviderEmailList and PidLidAddressBookProviderArrayType.
As it is specified in [MS-OXOCNTC] Section 2.2.1, each property
must be stored when the user needs it. So we can assume we can avoid
returning them if we don't have it.
This fix a Sync Issue which make it impossible to sync a contact
folder where some contact object does not any email. The sync issue
message is as follows:
Error synchronizing folder
[80070057-30FFFFFF-0-560]
By setting `SoIMAP4ExceptionsEnabled` config key to YES
Enabled for OpenChange by default, it will ensure no action is taken
when IMAP connection is not valid.