[CalendarServer-changes] [1757]
source_changes at macosforge.org
source_changes at macosforge.org
Fri Aug 3 12:52:35 PDT 2007
Revision: 1757
http://trac.macosforge.org/projects/calendarserver/changeset/1757
Author: cdaboo at apple.com
Date: 2007-08-03 12:52:35 -0700 (Fri, 03 Aug 2007)
Log Message:
-----------
Make sure group-memberset can only contain valid principal-URL values.
Modified Paths:
--------------
CalDAVTester/trunk/Resource/calendaruserproxy/3.xml
CalDAVTester/trunk/Resource/calendaruserproxy/5.xml
CalDAVTester/trunk/Resource/calendaruserproxy/7.xml
CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml
CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py
Modified: CalDAVTester/trunk/Resource/calendaruserproxy/3.xml
===================================================================
--- CalDAVTester/trunk/Resource/calendaruserproxy/3.xml 2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/Resource/calendaruserproxy/3.xml 2007-08-03 19:52:35 UTC (rev 1757)
@@ -2,7 +2,7 @@
<D:propertyupdate xmlns:D="DAV:">
<D:set>
<D:prop>
-<D:group-member-set><D:href>$principal2:</D:href></D:group-member-set>
+<D:group-member-set><D:href>$principaluri2:</D:href></D:group-member-set>
</D:prop>
</D:set>
</D:propertyupdate>
Modified: CalDAVTester/trunk/Resource/calendaruserproxy/5.xml
===================================================================
--- CalDAVTester/trunk/Resource/calendaruserproxy/5.xml 2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/Resource/calendaruserproxy/5.xml 2007-08-03 19:52:35 UTC (rev 1757)
@@ -2,7 +2,7 @@
<D:propertyupdate xmlns:D="DAV:">
<D:set>
<D:prop>
-<D:group-member-set><D:href>$principal2:</D:href><D:href>$principal3:</D:href></D:group-member-set>
+<D:group-member-set><D:href>$principaluri2:</D:href><D:href>$principaluri3:</D:href></D:group-member-set>
</D:prop>
</D:set>
</D:propertyupdate>
Modified: CalDAVTester/trunk/Resource/calendaruserproxy/7.xml
===================================================================
--- CalDAVTester/trunk/Resource/calendaruserproxy/7.xml 2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/Resource/calendaruserproxy/7.xml 2007-08-03 19:52:35 UTC (rev 1757)
@@ -2,7 +2,7 @@
<D:propertyupdate xmlns:D="DAV:">
<D:set>
<D:prop>
-<D:group-member-set><D:href>$principal2:</D:href><D:href>$principal3:bogus</D:href></D:group-member-set>
+<D:group-member-set><D:href>$principaluri2:</D:href><D:href>$principal3:</D:href></D:group-member-set>
</D:prop>
</D:set>
</D:propertyupdate>
Modified: CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml
===================================================================
--- CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml 2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml 2007-08-03 19:52:35 UTC (rev 1757)
@@ -727,10 +727,18 @@
<callback>propfindItems</callback>
<arg>
<name>okprops</name>
- <value>DAV:group-member-set$<href>$principaluri2:</href><href>$principaluri3:</href></value>
+ <value>DAV:group-member-set</value>
<value>DAV:group-membership$</value>
</arg>
</verify>
+ <verify>
+ <callback>dataString</callback>
+ <arg>
+ <name>contains</name>
+ <value><href>$principaluri2:</href></value>
+ <value><href>$principaluri3:</href></value>
+ </arg>
+ </verify>
</request>
</test>
<test name='2' ignore='no'>
Modified: CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py 2007-08-03 16:14:52 UTC (rev 1756)
+++ CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py 2007-08-03 19:52:35 UTC (rev 1757)
@@ -185,7 +185,7 @@
for uri in members:
principal = self.pcollection._principalForURI(uri)
# Invalid principals MUST result in an error.
- if principal is None:
+ if principal is None or principal.principalURL() != uri:
raise HTTPError(StatusResponse(
responsecode.BAD_REQUEST,
"Attempt to use a non-existent principal %s as a group member of %s." % (uri, self.principalURL(),)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070803/f00702eb/attachment.html
More information about the calendarserver-changes
mailing list