upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-11 09:42:09 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 40

Merge pull request #38416 from nextcloud/backport/38308/stable27

Browse source 
[stable27] fix(carddav): Check if SERVER variables are set before accessing them
This commit is contained in:
Joas Schilling 2023-05-30 12:12:53 +02:00 committed by GitHub
commit 297ba1cd3a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
apps/dav/lib/CardDAV/SystemAddressbook.php
View file

@ -35,14 +35,12 @@ use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IL10N;
use OCP\IRequest;
use OCP\IUser;
use OCP\IUserSession;
use Sabre\CardDAV\Backend\SyncSupport;
use Sabre\CardDAV\Backend\BackendInterface;
use Sabre\CardDAV\Card;
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\Exception\NotFound;
use Sabre\DAV\ICollection;
use Sabre\VObject\Component\VCard;
use Sabre\VObject\Reader;
use function array_filter;
@ -300,12 +298,13 @@ class SystemAddressbook extends AddressBook {
}
/** @psalm-suppress NoInterfaceProperties */
if ($this->request->server['PHP_AUTH_USER'] !== 'system') {
$server = $this->request->server;
if (!isset($server['PHP_AUTH_USER']) || $server['PHP_AUTH_USER'] !== 'system') {
return false;
}
/** @psalm-suppress NoInterfaceProperties */
$sharedSecret = $this->request->server['PHP_AUTH_PW'];
$sharedSecret = $server['PHP_AUTH_PW'] ?? null;
if ($sharedSecret === null) {
return false;
}
@ -365,7 +364,7 @@ class SystemAddressbook extends AddressBook {
}
public function getACL() {
return array_filter(parent::getACL(), function($acl) {
return array_filter(parent::getACL(), function ($acl) {
if (in_array($acl['privilege'], ['{DAV:}write', '{DAV:}all'], true)) {
return false;
}