summaryrefslogtreecommitdiff
path: root/lib/Kolab/CalDAV/CalendarBackend.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/Kolab/CalDAV/CalendarBackend.php')
-rw-r--r--lib/Kolab/CalDAV/CalendarBackend.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/lib/Kolab/CalDAV/CalendarBackend.php b/lib/Kolab/CalDAV/CalendarBackend.php
index a60fd46..09cc40e 100644
--- a/lib/Kolab/CalDAV/CalendarBackend.php
+++ b/lib/Kolab/CalDAV/CalendarBackend.php
@@ -374,6 +374,10 @@ class CalendarBackend extends CalDAV\Backend\AbstractBackend
$storage = $this->get_storage_folder($calendarId);
$object = $this->parse_calendar_data($calendarData, $uid);
+ if (empty($object)) {
+ throw new DAV\Exception('Parse error: not a valid iCalendar 2.0 object');
+ }
+
if ($object['uid'] == $uid) {
$success = $storage->save($object, $object['_type']);
if (!$success) {
@@ -424,6 +428,10 @@ class CalendarBackend extends CalDAV\Backend\AbstractBackend
$storage = $this->get_storage_folder($calendarId);
$object = $this->parse_calendar_data($calendarData, $uid);
+ if (empty($object)) {
+ throw new DAV\Exception('Parse error: not a valid iCalendar 2.0 object');
+ }
+
// sanity check
if ($object['uid'] != $uid) {
rcube::raise_error(array(
@@ -767,6 +775,19 @@ class CalendarBackend extends CalDAV\Backend\AbstractBackend
}
}
+ // check DURATION property if no end date is set
+ if (empty($event['end']) && $ve->DURATION) {
+ try {
+ $duration = new \DateInterval(strval($ve->DURATION));
+ $end = clone $event['start'];
+ $end->add($duration);
+ $event['end'] = $end;
+ }
+ catch (\Exception $e) {
+ trigger_error(strval($e), E_USER_WARNING);
+ }
+ }
+
// check for all-day dates
if ($event['start']->_dateonly) {
$event['allday'] = true;
@@ -805,6 +826,11 @@ class CalendarBackend extends CalDAV\Backend\AbstractBackend
$event['alarms'] = $trigger . ':' . $action;
}
+ // validate
+ if (empty($event['uid']) || empty($event['start']) || !($event['start'] instanceof \DateTime) || empty($event['end']) || !($event['end'] instanceof \DateTime)) {
+ throw new VObject\ParseException('Object validation failed: missing mandatory object properties');
+ }
+
return $event;
}