htdocs/caldav.php

   1 <?php
   2 /**
   3 * CalDAV Server - main program
   4 *
   5 * @package   davical
   6 * @subpackage   caldav
   7 * @author    Andrew McMillan <andrew@mcmillan.net.nz>
   8 * @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
   9 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
  10 */
  11 if ( isset($_SERVER['PATH_INFO']) && preg_match( '{^(/favicon.ico|davical.css|(images|js|css)/.+)$}', $_SERVER['PATH_INFO'], $matches ) ) {
  12   $filename = $_SERVER['DOCUMENT_ROOT'] . preg_replace('{(\.\.|\\\\)}', '', $matches[1]);
  13   $fh = @fopen($matches[1],'r');
  14   if ( ! $fh ) {
  15     @header( sprintf("HTTP/1.1 %d %s", 404, 'Not found') );
  16   }
  17   else {
  18     fpassthru($fh);
  19   }
  20   @ob_flush(); exit(0);
  21 }
  22 require_once('./always.php');
  23
  24 if ( isset($_SERVER['PATH_INFO']) && preg_match( '{^/\.well-known/(.+)$}', $_SERVER['PATH_INFO'], $matches ) ) {
  25   require ('well-known.php');
  26   @ob_flush(); exit(0);
  27 }
  28 elseif ( isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == '/autodiscover/autodiscover.xml' ) {
  29   require ('autodiscover-handler.php');
  30   @ob_flush(); exit(0);
  31 }
  32
  33 function logRequestHeaders() {
  34   global $c;
  35
  36   /** Log the request headers */
  37   $lines = apache_request_headers();
  38   dbg_error_log( "LOG ", "***************** Request Header ****************" );
  39   dbg_error_log( "LOG ", "%s %s", $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'] );
  40   foreach( $lines AS $k => $v ) {
  41     if ( $k != 'Authorization' || (isset($c->dbg['password']) && $c->dbg['password'] ) )
  42       dbg_error_log( "LOG headers", "-->%s: %s", $k, $v );
  43     else
  44       dbg_error_log( "LOG headers", "-->%s: %s", $k, 'Delicious tasty password eaten by debugging monster!' );
  45   }
  46   dbg_error_log( "LOG ", "******************** Request ********************" );
  47
  48   // Log the request in all it's gory detail.
  49   $lines = preg_split( '#[\r\n]+#', $c->raw_post );
  50   foreach( $lines AS $v ) {
  51     dbg_error_log( "LOG request", "-->%s", $v );
  52   }
  53   unset($lines);
  54 }
  55
  56 if ( !isset($c->raw_post) ) $c->raw_post = file_get_contents( 'php://input');
  57 if ( (isset($c->dbg['ALL']) && $c->dbg['ALL']) || (isset($c->dbg['request']) && $c->dbg['request']) )
  58   logRequestHeaders();
  59
  60
  61 require_once('HTTPAuthSession.php');
  62 $session = new HTTPAuthSession();
  63
  64 function send_dav_header() {
  65   global $c;
  66
  67   /**
  68   * access-control is rfc3744, we do most of it, but no way to say that.
  69   * calendar-schedule is another one we do most of, but the spec is not final yet either.
  70   */
  71   if ( isset($c->override_dav_header) ) {
  72     $dav = $c->override_dav_header;
  73   }
  74   else {
  75     /** hack to get around bugzilla #463392 - remove sometime after 2011-02-28 */
  76     if ( isset($_SERVER['HTTP_USER_AGENT']) && preg_match( '{ Gecko/(20[01]\d[01]\d[0123]\d)(\d+)? }', $_SERVER['HTTP_USER_AGENT'], $matches ) && $matches[1] < 20100520 ) {
  77       $dav = '1, 2, 3, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy, bind, addressbook';
  78     }
  79     else {
  80        // We don't actually do calendar-auto-schedule yet - when we do we should add it on here.
  81       $dav = '1, 2, 3, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy, bind, addressbook';
  82       if ( $c->enable_auto_schedule ) $dav .= ', calendar-auto-schedule';
  83     }
  84   }
  85   $dav = explode( "\n", wordwrap( $dav ) );
  86   foreach( $dav AS $v ) {
  87     header( 'DAV: '.trim($v, ', '), false);
  88   }
  89 }
  90 send_dav_header();  // Avoid polluting global namespace
  91
  92 require_once('CalDAVRequest.php');
  93 $request = new CalDAVRequest();
  94
  95 $allowed = implode( ', ', array_keys($request->supported_methods) );
  96 // header( 'Allow: '.$allowed);
  97
  98 if ( ! ($request->IsPrincipal() || isset($request->collection) || $request->method == 'PUT' || $request->method == 'MKCALENDAR' || $request->method == 'MKCOL' ) ) {
  99   if ( preg_match( '#^/principals/users(/.*/)$#', $request->path, $matches ) ) {
 100     // Although this doesn't work with the iPhone, perhaps it will with iCal...
 101     /** @todo integrate handling this URL into CalDAVRequest.php */
 102     $redirect_url = ConstructURL('/caldav.php'.$matches[1]);
 103     dbg_error_log( 'LOG WARNING', 'Redirecting %s for "%s" to "%s"', $request->method, $request->path, $redirect_url );
 104     header('Location: '.$redirect_url );
 105     @ob_flush(); exit(0);
 106   }
 107 }
 108
 109 switch ( $request->method ) {
 110   case 'OPTIONS':    include_once('caldav-OPTIONS.php');   break;
 111   case 'REPORT':     include_once('caldav-REPORT.php');    break;
 112   case 'PROPFIND':   include('caldav-PROPFIND.php');       break;
 113   case 'GET':        include('caldav-GET.php');            break;
 114   case 'POST':       include('caldav-POST.php');           break;
 115   case 'HEAD':       include('caldav-GET.php');            break;
 116   case 'PROPPATCH':  include('caldav-PROPPATCH.php');      break;
 117   case 'PUT':
 118     switch( $request->content_type ) {
 119       case 'text/calendar':
 120         include('caldav-PUT-vcalendar.php');
 121         break;
 122       case 'text/vcard':
 123       case 'text/x-vcard':
 124         include('caldav-PUT-vcard.php');
 125         break;
 126       default:
 127         include('caldav-PUT-default.php');
 128         break;
 129     }
 130     break;
 131   case 'MKCALENDAR': include('caldav-MKCOL.php');          break;
 132   case 'MKCOL':      include('caldav-MKCOL.php');          break;
 133   case 'DELETE':     include('caldav-DELETE.php');         break;
 134   case 'MOVE':       include('caldav-MOVE.php');           break;
 135   case 'ACL':        include('caldav-ACL.php');            break;
 136   case 'LOCK':       include('caldav-LOCK.php');           break;
 137   case 'UNLOCK':     include('caldav-LOCK.php');           break;
 138   case 'MKTICKET':   include('caldav-MKTICKET.php');       break;
 139   case 'DELTICKET':  include('caldav-DELTICKET.php');      break;
 140   case 'BIND':       include('caldav-BIND.php');           break;
 141
 142   case 'TESTRRULE':  include('test-RRULE-v2.php');         break;
 143
 144   default:
 145     dbg_error_log( 'caldav', 'Unhandled request method >>%s<<', $request->method );
 146     dbg_log_array( 'caldav', '_SERVER', $_SERVER, true );
 147     dbg_error_log( 'caldav', 'RAW: %s', str_replace("\n", '',str_replace("\r", '', $request->raw_post)) );
 148 }
 149
 150 $request->DoResponse( 500, translate('The application program does not understand that request.') );
 151