inc/caldav-PUT-vcard.php

   1 <?php
   2 /**
   3 * CalDAV Server - handle PUT method on VCARD content-types
   4 *
   5 * @package   davical
   6 * @subpackage   caldav
   7 * @author    Andrew McMillan <andrew@morphoss.com>
   8 * @copyright Morphoss Ltd
   9 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
  10 */
  11 dbg_error_log("PUT", "method handler");
  12
  13 require_once('DAVResource.php');
  14
  15 if ( ! ini_get('open_basedir') && (isset($c->dbg['ALL']) || (isset($c->dbg['put']) && $c->dbg['put'])) ) {
  16   $fh = fopen('/tmp/PUT.txt','w');
  17   if ( $fh ) {
  18     fwrite($fh,$request->raw_post);
  19     fclose($fh);
  20   }
  21 }
  22
  23 $lock_opener = $request->FailIfLocked();
  24
  25 require_once('vcard.php');
  26 $vcard = new vCard( $request->raw_post );
  27 $uid = $vcard->GetPValue('UID');
  28 if ( empty($uid) ) {
  29   $uid = uuid();
  30   $vcard->AddProperty('UID',$uid);
  31 }
  32
  33 if ( $add_member ) {
  34   $request->path = $request->dav_name() . $uid . '.vcf';
  35   $dest = new DAVResource($request->path);
  36   if ( $dest->Exists() ) {
  37     $uid = uuid();
  38     $vcard->AddProperty('UID',$uid);
  39     $request->path = $request->dav_name() . $uid . '.vcf';
  40     $dest = new DAVResource($request->path);
  41     if ( $dest->Exists() ) throw new Exception("Failed to generate unique segment name for add-member!");
  42   }
  43 }
  44 else {
  45   $dest = new DAVResource($request->path);
  46 }
  47
  48 $container = $dest->GetParentContainer();
  49 if ( ! $dest->Exists() ) {
  50   if ( $container->IsPrincipal() ) {
  51     $request->PreconditionFailed(405,'method-not-allowed',translate('A DAViCal principal collection may only contain collections'));
  52   }
  53   if ( ! $container->Exists() ) {
  54     $request->PreconditionFailed( 409, 'collection-must-exist',translate('The destination collection does not exist') );
  55   }
  56   $container->NeedPrivilege('DAV::bind');
  57 }
  58 else {
  59   if ( $dest->IsCollection() ) {
  60     if ( ! isset($c->readonly_webdav_collections) || $c->readonly_webdav_collections ) {
  61       $request->PreconditionFailed(405,'method-not-allowed',translate('You may not PUT to a collection URL'));
  62     }
  63     $request->DoResponse(403,translate('PUT on a collection is only allowed for text/vcard content against an addressbook collection'));
  64   }
  65   $dest->NeedPrivilege('DAV::write-content');
  66 }
  67
  68 $request->CheckEtagMatch( $dest->Exists(), $dest->unique_tag() );
  69
  70 $collection_id = $container->GetProperty('collection_id');
  71
  72 $original_etag = md5($request->raw_post);
  73
  74
  75 $qry = new AwlQuery();
  76 $qry->Begin();
  77
  78 $uid = $vcard->GetPValue('UID');
  79 if ( empty($uid) ) {
  80   $uid = uuid();
  81   $vcard->AddProperty('UID',$uid);
  82 }
  83
  84 $last_modified = $vcard->GetPValue('REV');
  85 if ( empty($last_modified) ) {
  86   $last_modified = gmdate( 'Ymd\THis\Z' );
  87   $vcard->AddProperty('REV',$last_modified);
  88 }
  89 elseif ( stripos($last_modified, 'TZ') ) {
  90   // At least one of my examples has this crap.
  91   $last_modified = str_replace('TZ','T000000Z',$last_modified);
  92   $vcard->ClearProperties('REV');
  93   $vcard->AddProperty('REV',$last_modified);
  94 }
  95 elseif( preg_match('{^(\d{8})(\d{6})Z?}', $last_modified, $matches) ) {
  96   $last_modified = $matches[1] . 'T' . $matches[2] . 'Z';
  97   $vcard->ClearProperties('REV');
  98   $vcard->AddProperty('REV',$last_modified);
  99 }
 100
 101 $rendered_card = $vcard->Render();
 102 $etag = md5($rendered_card);
 103 $params = array(
 104     ':user_no' => $dest->GetProperty('user_no'),
 105     ':dav_name' => $dest->bound_from(),
 106     ':etag' => $etag,
 107     ':dav_data' => $rendered_card,
 108     ':session_user' => $session->user_no,
 109     ':modified' => $last_modified
 110 );
 111 if ( $dest->Exists() ) {
 112   $sql = 'UPDATE caldav_data SET caldav_data=:dav_data, dav_etag=:etag, logged_user=:session_user,
 113           modified=:modified, user_no=:user_no, caldav_type=\'VCARD\' WHERE dav_name=:dav_name';
 114   $response_code = 200;
 115   $qry->QDo( $sql, $params );
 116
 117   $qry->QDo("SELECT dav_id FROM caldav_data WHERE dav_name = :dav_name ", array(':dav_name' => $params[':dav_name']) );
 118 }
 119 else {
 120   $sql = 'INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, caldav_type, logged_user, created, modified, collection_id )
 121           VALUES( :user_no, :dav_name, :etag, :dav_data, \'VCARD\', :session_user, current_timestamp, :modified, :collection_id )';
 122   $params[':collection_id'] = $collection_id;
 123   $response_code = 201;
 124   $qry->QDo( $sql, $params );
 125
 126   $qry->QDo("SELECT currval('dav_id_seq') AS dav_id" );
 127 }
 128 $row = $qry->Fetch();
 129
 130 $vcard->Write( $row->dav_id, $dest->Exists() );
 131
 132 $qry->QDo("SELECT write_sync_change( $collection_id, $response_code, :dav_name)", array(':dav_name' => $dest->bound_from() ) );
 133
 134 if ( !$qry->Commit() ) {
 135    $qry->Rollback();
 136    $request->DoResponse( 500, "A database error occurred" );
 137 }
 138
 139 // Uncache anything to do with the collection
 140 $cache = getCacheInstance();
 141 $cache->delete( 'collection-'.$container->dav_name(), null );
 142
 143 if ( $add_member ) header('Location: '.$c->protocol_server_port_script.$request->path);
 144
 145 if ( $etag == $original_etag ) header('ETag: "'. $etag . '"' ); // Only send the ETag if we didn't change what they gave us.
 146 if ( $response_code == 200 ) $response_code = 204;
 147 $request->DoResponse( $response_code );