[CalendarServer-changes] [15552] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Mon Apr 25 15:07:02 PDT 2016
Revision: 15552
http://trac.calendarserver.org//changeset/15552
Author: cdaboo at apple.com
Date: 2016-04-25 15:07:02 -0700 (Mon, 25 Apr 2016)
Log Message:
-----------
Make sure ATTACH managed parameters cannot be inadvertently removed by a client
Modified Paths:
--------------
CalendarServer/trunk/requirements-dev.txt
CalendarServer/trunk/txdav/caldav/datastore/sql.py
CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py
Modified: CalendarServer/trunk/requirements-dev.txt
===================================================================
--- CalendarServer/trunk/requirements-dev.txt 2016-04-25 22:05:51 UTC (rev 15551)
+++ CalendarServer/trunk/requirements-dev.txt 2016-04-25 22:07:02 UTC (rev 15552)
@@ -5,4 +5,4 @@
q
tl.eggdeps
--editable svn+http://svn.calendarserver.org/repository/calendarserver/CalDAVClientLibrary/trunk@15425#egg=CalDAVClientLibrary
---editable svn+http://svn.calendarserver.org/repository/calendarserver/CalDAVTester/trunk@15549#egg=CalDAVTester
+--editable svn+http://svn.calendarserver.org/repository/calendarserver/CalDAVTester/trunk@15551#egg=CalDAVTester
Modified: CalendarServer/trunk/txdav/caldav/datastore/sql.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/sql.py 2016-04-25 22:05:51 UTC (rev 15551)
+++ CalendarServer/trunk/txdav/caldav/datastore/sql.py 2016-04-25 22:07:02 UTC (rev 15552)
@@ -4686,6 +4686,23 @@
# Determine what was removed
removed = set(oldattached_keys) - set(newattached_keys)
+ # Make sure that clients don't accidently remove the parameters we care about
+ if not inserting:
+ for managed_id in list(removed):
+ oldattachment = oldattached[managed_id][0]
+ oldattachment_value = oldattachment.value()
+ found_match = False
+ for newattachment in newattachments:
+ if newattachment.value() == oldattachment_value:
+ newattachment.setParameter("MANAGED-ID", oldattachment.parameterValue("MANAGED-ID"))
+ newattachment.setParameter("FMTTYPE", oldattachment.parameterValue("FMTTYPE"))
+ newattachment.setParameter("FILENAME", oldattachment.parameterValue("FILENAME"))
+ newattachment.setParameter("SIZE", oldattachment.parameterValue("SIZE"))
+ found_match = True
+ if found_match:
+ removed.remove(managed_id)
+
+
# Determine what was added
added = set(newattached_keys) - set(oldattached_keys)
changed = {}
Modified: CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py 2016-04-25 22:05:51 UTC (rev 15551)
+++ CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py 2016-04-25 22:07:02 UTC (rev 15552)
@@ -1440,7 +1440,62 @@
self.assertEqual(quota, 0)
+ @inlineCallbacks
+ def test_resourceCheckAttachments_clientRemovesParameters(self):
+ """
+ L{ICalendarObject.resourceCheckAttachments} will properly handle clients stripping parameters.
+ """
+ # Create attachment
+ obj = yield self.calendarObjectUnderTest()
+ yield obj.addAttachment(None, MimeType("text", "x-fixture"), "new.attachment", MemoryStream("new attachment text"))
+ yield self.commit()
+
+ # Verify parameters exist
+ obj = yield self.calendarObjectUnderTest()
+ component = yield obj.componentForUser()
+ attachments = component.getAllPropertiesInAnyComponent("ATTACH", depth=1,)
+ self.assertEqual(len(attachments), 1)
+ attach = attachments[0]
+ managed_id = attach.parameterValue("MANAGED-ID")
+ fmttype = attach.parameterValue("FMTTYPE")
+ filename = attach.parameterValue("FILENAME")
+ size = attach.parameterValue("SIZE")
+
+ self.assertEqual(fmttype, "text/x-fixture")
+ self.assertEqual(filename, "new.attachment")
+ self.assertEqual(int(size), 19)
+
+ # Remove parameters and write it back
+ attach.removeParameter("MANAGED-ID")
+ attach.removeParameter("FMTTYPE")
+ attach.removeParameter("FILENAME")
+ attach.removeParameter("SIZE")
+ yield obj.setComponent(component.duplicate())
+ yield self.commit()
+
+ # Verify parameters recovered
+ obj = yield self.calendarObjectUnderTest()
+ component = yield obj.componentForUser()
+ attachments = component.getAllPropertiesInAnyComponent("ATTACH", depth=1,)
+ self.assertEqual(len(attachments), 1)
+ attach = attachments[0]
+ managed_id2 = attach.parameterValue("MANAGED-ID")
+ fmttype2 = attach.parameterValue("FMTTYPE")
+ filename2 = attach.parameterValue("FILENAME")
+ size2 = attach.parameterValue("SIZE")
+
+ self.assertEqual(managed_id2, managed_id)
+ self.assertEqual(fmttype2, "text/x-fixture")
+ self.assertEqual(filename2, "new.attachment")
+ self.assertEqual(int(size2), 19)
+
+ attachment = yield obj.attachmentWithManagedID(managed_id2)
+ data = yield self.attachmentToString(attachment)
+ self.assertEquals(data, "new attachment text")
+
+
+
now = DateTime.getToday().getYear()
PLAIN_ICS = """BEGIN:VCALENDAR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20160425/251778a5/attachment-0001.html>
More information about the calendarserver-changes
mailing list