Skip to content

Commit 4530184

Browse files
SebastianKrupinskiSebastianKrupinski
committed
fix: check if properties exist before using them
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
1 parent a2eed98 commit 4530184

File tree

2 files changed

+819
-282
lines changed

2 files changed

+819
-282
lines changed

lib/private/Calendar/Manager.php

Lines changed: 72 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -249,13 +249,19 @@ public function handleIMipRequest(
249249
return false;
250250
}
251251

252+
/** @var VEvent|null $vEvent */
252253
$eventObject = $calendarObject->VEVENT;
253254

254255
if (!isset($eventObject->UID)) {
255256
$this->logger->warning('iMip message event dose not contains a UID');
256257
return false;
257258
}
258259

260+
if (!isset($eventObject->ORGANIZER)) {
261+
$this->logger->warning('iMip message event dose not contains an organizer');
262+
return false;
263+
}
264+
259265
if (!isset($eventObject->ATTENDEE)) {
260266
$this->logger->warning('iMip message event dose not contains any attendees');
261267
return false;
@@ -296,7 +302,7 @@ public function handleIMipRequest(
296302
}
297303
}
298304

299-
$this->logger->warning('iMip message event could not be processed because the no corresponding event was found in any calendar');
305+
$this->logger->warning('iMip message event could not be processed because no corresponding event was found in any calendar');
300306
return false;
301307
}
302308

@@ -309,45 +315,62 @@ public function handleIMipReply(
309315
string $recipient,
310316
string $calendarData,
311317
): bool {
318+
319+
$calendars = $this->getCalendarsForPrincipal($principalUri);
320+
if (empty($calendars)) {
321+
$this->logger->warning('iMip message could not be processed because user has no calendars');
322+
return false;
323+
}
324+
312325
/** @var VCalendar $vObject|null */
313326
$vObject = Reader::read($calendarData);
314327

315328
if ($vObject === null) {
329+
$this->logger->warning('iMip message contains an invalid calendar object');
330+
return false;
331+
}
332+
333+
if (!isset($vObject->METHOD) || $vObject->METHOD->getValue() !== 'REPLY') {
334+
$this->logger->warning('iMip message contains an incorrect or invalid method');
335+
return false;
336+
}
337+
338+
if (!isset($vObject->VEVENT)) {
339+
$this->logger->warning('iMip message contains no event');
316340
return false;
317341
}
318342

319343
/** @var VEvent|null $vEvent */
320-
$vEvent = $vObject->{'VEVENT'};
344+
$vEvent = $vObject->VEVENT;
345+
346+
if (!isset($vEvent->UID)) {
347+
$this->logger->warning('iMip message event dose not contains a UID');
348+
return false;
349+
}
321350

322-
if ($vEvent === null) {
351+
if (!isset($vEvent->ORGANIZER)) {
352+
$this->logger->warning('iMip message event dose not contains an organizer');
323353
return false;
324354
}
325355

326-
// First, we check if the correct method is passed to us
327-
if (strcasecmp('REPLY', $vObject->{'METHOD'}->getValue()) !== 0) {
328-
$this->logger->warning('Wrong method provided for processing');
356+
if (!isset($vEvent->ATTENDEE)) {
357+
$this->logger->warning('iMip message event dose not contains any attendees');
329358
return false;
330359
}
331360

332361
// check if mail recipient and organizer are one and the same
333362
$organizer = substr($vEvent->{'ORGANIZER'}->getValue(), 7);
334363

335364
if (strcasecmp($recipient, $organizer) !== 0) {
336-
$this->logger->warning('Recipient and ORGANIZER must be identical');
365+
$this->logger->warning('iMip message event could not be processed because recipient and ORGANIZER must be identical');
337366
return false;
338367
}
339368

340369
//check if the event is in the future
341370
/** @var DateTime $eventTime */
342371
$eventTime = $vEvent->{'DTSTART'};
343372
if ($eventTime->getDateTime()->getTimeStamp() < $this->timeFactory->getTime()) { // this might cause issues with recurrences
344-
$this->logger->warning('Only events in the future are processed');
345-
return false;
346-
}
347-
348-
$calendars = $this->getCalendarsForPrincipal($principalUri);
349-
if (empty($calendars)) {
350-
$this->logger->warning('Could not find any calendars for principal ' . $principalUri);
373+
$this->logger->warning('iMip message event could not be processed because the event is in the past');
351374
return false;
352375
}
353376

@@ -369,14 +392,14 @@ public function handleIMipReply(
369392
}
370393

371394
if (empty($found)) {
372-
$this->logger->info('Event not found in any calendar for principal ' . $principalUri . 'and UID' . $vEvent->{'UID'}->getValue());
395+
$this->logger->warning('iMip message event could not be processed because no corresponding event was found in any calendar ' . $principalUri . 'and UID' . $vEvent->{'UID'}->getValue());
373396
return false;
374397
}
375398

376399
try {
377400
$found->handleIMipMessage($name, $calendarData); // sabre will handle the scheduling behind the scenes
378401
} catch (CalendarException $e) {
379-
$this->logger->error('Could not update calendar for iMIP processing', ['exception' => $e]);
402+
$this->logger->error('An error occurred while processing the iMip message event', ['exception' => $e]);
380403
return false;
381404
}
382405
return true;
@@ -393,29 +416,52 @@ public function handleIMipCancel(
393416
string $recipient,
394417
string $calendarData,
395418
): bool {
419+
420+
$calendars = $this->getCalendarsForPrincipal($principalUri);
421+
if (empty($calendars)) {
422+
$this->logger->warning('iMip message could not be processed because user has no calendars');
423+
return false;
424+
}
425+
396426
/** @var VCalendar $vObject|null */
397427
$vObject = Reader::read($calendarData);
398428

399429
if ($vObject === null) {
430+
$this->logger->warning('iMip message contains an invalid calendar object');
431+
return false;
432+
}
433+
434+
if (!isset($vObject->METHOD) || $vObject->METHOD->getValue() !== 'CANCEL') {
435+
$this->logger->warning('iMip message contains an incorrect or invalid method');
436+
return false;
437+
}
438+
439+
if (!isset($vObject->VEVENT)) {
440+
$this->logger->warning('iMip message contains no event');
400441
return false;
401442
}
402443

403444
/** @var VEvent|null $vEvent */
404445
$vEvent = $vObject->{'VEVENT'};
405446

406-
if ($vEvent === null) {
447+
if (!isset($vEvent->UID)) {
448+
$this->logger->warning('iMip message event dose not contains a UID');
407449
return false;
408450
}
409451

410-
// First, we check if the correct method is passed to us
411-
if (strcasecmp('CANCEL', $vObject->{'METHOD'}->getValue()) !== 0) {
412-
$this->logger->warning('Wrong method provided for processing');
452+
if (!isset($vEvent->ORGANIZER)) {
453+
$this->logger->warning('iMip message event dose not contains an organizer');
454+
return false;
455+
}
456+
457+
if (!isset($vEvent->ATTENDEE)) {
458+
$this->logger->warning('iMip message event dose not contains any attendees');
413459
return false;
414460
}
415461

416462
$attendee = substr($vEvent->{'ATTENDEE'}->getValue(), 7);
417463
if (strcasecmp($recipient, $attendee) !== 0) {
418-
$this->logger->warning('Recipient must be an ATTENDEE of this event');
464+
$this->logger->warning('iMip message event could not be processed because recipient must be an ATTENDEE of this event');
419465
return false;
420466
}
421467

@@ -426,22 +472,15 @@ public function handleIMipCancel(
426472
$organizer = substr($vEvent->{'ORGANIZER'}->getValue(), 7);
427473
$isNotOrganizer = ($replyTo !== null) ? (strcasecmp($sender, $organizer) !== 0 && strcasecmp($replyTo, $organizer) !== 0) : (strcasecmp($sender, $organizer) !== 0);
428474
if ($isNotOrganizer) {
429-
$this->logger->warning('Sender must be the ORGANIZER of this event');
475+
$this->logger->warning('iMip message event could not be processed because sender must be the ORGANIZER of this event');
430476
return false;
431477
}
432478

433479
//check if the event is in the future
434480
/** @var DateTime $eventTime */
435481
$eventTime = $vEvent->{'DTSTART'};
436482
if ($eventTime->getDateTime()->getTimeStamp() < $this->timeFactory->getTime()) { // this might cause issues with recurrences
437-
$this->logger->warning('Only events in the future are processed');
438-
return false;
439-
}
440-
441-
// Check if we have a calendar to work with
442-
$calendars = $this->getCalendarsForPrincipal($principalUri);
443-
if (empty($calendars)) {
444-
$this->logger->warning('Could not find any calendars for principal ' . $principalUri);
483+
$this->logger->warning('iMip message event could not be processed because the event is in the past');
445484
return false;
446485
}
447486

@@ -463,17 +502,15 @@ public function handleIMipCancel(
463502
}
464503

465504
if (empty($found)) {
466-
$this->logger->info('Event not found in any calendar for principal ' . $principalUri . 'and UID' . $vEvent->{'UID'}->getValue());
467-
// this is a safe operation
468-
// we can ignore events that have been cancelled but were not in the calendar anyway
469-
return true;
505+
$this->logger->warning('iMip message event could not be processed because no corresponding event was found in any calendar ' . $principalUri . 'and UID' . $vEvent->{'UID'}->getValue());
506+
return false;
470507
}
471508

472509
try {
473510
$found->handleIMipMessage($name, $calendarData); // sabre will handle the scheduling behind the scenes
474511
return true;
475512
} catch (CalendarException $e) {
476-
$this->logger->error('Could not update calendar for iMIP processing', ['exception' => $e]);
513+
$this->logger->error('An error occurred while processing the iMip message event', ['exception' => $e]);
477514
return false;
478515
}
479516
}

0 commit comments

Comments
 (0)