(fix) handle broken CalDAV clients sending bogus SENT-BY (fixes #3992)

Alinto · Mar 3, 2017 · 79a0d5e · 79a0d5e
1 parent 018b7b7
commit 79a0d5e
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -8,6 +8,7 @@ Enhancements
  -
 
 Bug fixes
+ - [core] handle broken CalDAV clients sending bogus SENT-BY (#3992)
  - [web] fixed ACL editor in admin module for Safari (#4036)
  - [web] fixed function call when removing contact category (#4039)
  - [web] localized mailbox names everywhere (#4040, #4041)

diff --git a/SoObjects/Appointments/SOGoAppointmentObject.m b/SoObjects/Appointments/SOGoAppointmentObject.m
@@ -1990,6 +1990,21 @@ - (id) DELETEAction: (WOContext *) _ctx
   return [super DELETEAction: _ctx];
 }
 
+//
+// Let's check if our CalDAV client has sent us a broken SENT-BY. When Lightning is identity-aware,
+// it'll stupidly send something like this:
+// ORGANIZER;RSVP=TRUE;CN=John Doe;PARTSTAT=ACCEPTED;ROLE=CHAIR;SENT-BY="mail
+// to:mailto:sogo3@example.com":mailto:sogo1@example.com
+//
+- (void) _fixupSentByForPerson: (iCalPerson *) person
+{
+  NSString *sentBy;
+
+  sentBy = [person sentBy];
+  if ([sentBy hasPrefix: @"mailto:"])
+    [person setSentBy: [sentBy substringFromIndex: 7]];
+}
+
 //
 // This method is meant to be the common point of any save operation from web
 // and DAV requests, as well as from code making use of SOGo as a library
@@ -2067,7 +2082,7 @@ - (NSException *) updateContentWithCalendar: (iCalCalendar *) calendar
       // broken CalDAV client that aren't identity-aware will create the event in Annie's calendar
       // and set Bob as the organizer. We fix this for them. See #3368 for details.
       if (!userIsOrganizer &&
-	  [[context activeUser] hasEmail:  [[event organizer] rfc822Email]])
+	  [[context activeUser] hasEmail: [[event organizer] rfc822Email]])
 	{
 	  [[event organizer] setCn: [ownerUser cn]];
 	  [[event organizer] setEmail: [[ownerUser allEmails] objectAtIndex: 0]];
@@ -2080,6 +2095,8 @@ - (NSException *) updateContentWithCalendar: (iCalCalendar *) calendar
 	  attendees = [event attendeesWithoutUser: ownerUser];
 	  if ([attendees count])
 	    {
+	      [self _fixupSentByForPerson: [event organizer]];
+
 	      if ((ex = [self _handleAddedUsers: attendees fromEvent: event  force: YES]))
 		return ex;
 	      else
@@ -2224,7 +2241,7 @@ - (NSException *) updateContentWithCalendar: (iCalCalendar *) calendar
 	  // broken CalDAV client that aren't identity-aware will create the event in Annie's calendar
 	  // and set Bob as the organizer. We fix this for them.  See #3368 for details.
 	  if (!userIsOrganizer &&
-	      [[context activeUser] hasEmail:  [[newEvent organizer] rfc822Email]])
+	      [[context activeUser] hasEmail: [[newEvent organizer] rfc822Email]])
 	    {
 	      [[newEvent organizer] setCn: [ownerUser cn]];
 	      [[newEvent organizer] setEmail: [[ownerUser allEmails] objectAtIndex: 0]];
@@ -2244,6 +2261,8 @@ - (NSException *) updateContentWithCalendar: (iCalCalendar *) calendar
 	      // We check ACLs of the 'organizer' - in case someone forges the SENT-BY
 	      NSString *uid;
 
+	      [self _fixupSentByForPerson: [newEvent organizer]];
+
 	      uid = [[oldEvent organizer] uidInContext: context];
 
 	      if (uid && [[[context activeUser] login] caseInsensitiveCompare: uid] != NSOrderedSame)