diff --git a/plugins/calendar/drivers/kolab/kolab_driver.php b/plugins/calendar/drivers/kolab/kolab_driver.php index 0b6f5ecd..576c2724 100644 --- a/plugins/calendar/drivers/kolab/kolab_driver.php +++ b/plugins/calendar/drivers/kolab/kolab_driver.php @@ -230,6 +230,17 @@ class kolab_driver extends calendar_driver } } + // Check access rights to the parent folder + if (strlen($parent)) { + $this->rc->imap_connect(); + $parent_opts = $this->rc->imap->mailbox_info($parent); + if ($parent_opts['namespace'] != 'personal' + && (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts))) + ) { + return false; + } + } + if (!empty($options) && ($options['protected'] || $options['norename'])) { $folder = $oldfolder; } @@ -761,17 +772,17 @@ class kolab_driver extends calendar_driver public function get_freebusy_list($email, $start, $end) { require_once('Horde/iCalendar.php'); - + if (empty($email)/* || $end < time()*/) return false; - + // map vcalendar fbtypes to internal values $fbtypemap = array( 'FREE' => calendar::FREEBUSY_FREE, 'BUSY-TENTATIVE' => calendar::FREEBUSY_TENTATIVE, 'X-OUT-OF-OFFICE' => calendar::FREEBUSY_OOF, 'OOF' => calendar::FREEBUSY_OOF); - + // ask kolab server first $fbdata = @file_get_contents(rcube_kolab::get_freebusy_url($email)); @@ -780,7 +791,7 @@ class kolab_driver extends calendar_driver $fburl = null; foreach ((array)$this->rc->config->get('autocomplete_addressbooks', 'sql') as $book) { $abook = $this->rc->get_address_book($book); - + if ($result = $abook->search(array('email'), $email, true, true, true/*, 'freebusyurl'*/)) { while ($contact = $result->iterate()) { if ($fburl = $contact['freebusyurl']) { @@ -789,12 +800,12 @@ class kolab_driver extends calendar_driver } } } - + if ($fbdata) break; } } - + // parse free-busy information using Horde classes if ($fbdata) { $fbcal = new Horde_iCalendar; @@ -820,10 +831,10 @@ class kolab_driver extends calendar_driver return $result; } } - + return false; } - + /** * Handler to push folder triggers when sent from client. * Used to push free-busy changes asynchronously after updating an event @@ -837,7 +848,7 @@ class kolab_driver extends calendar_driver $cal = get_input_value('source', RCUBE_INPUT_GPC); if (!($storage = $this->calendars[$cal])) return false; - + // trigger updates on folder $folder = $storage->get_folder(); $trigger = $folder->trigger(); diff --git a/plugins/kolab_addressbook/kolab_addressbook.php b/plugins/kolab_addressbook/kolab_addressbook.php index 207f5412..1d88afb4 100644 --- a/plugins/kolab_addressbook/kolab_addressbook.php +++ b/plugins/kolab_addressbook/kolab_addressbook.php @@ -211,10 +211,11 @@ class kolab_addressbook extends rcube_plugin */ public function get_address_book($p) { - $this->_list_sources(); - - if ($this->sources[$p['id']]) { - $p['instance'] = $this->sources[$p['id']]; + if ($p['id']) { + $this->_list_sources(); + if ($this->sources[$p['id']]) { + $p['instance'] = $this->sources[$p['id']]; + } } return $p; @@ -444,6 +445,17 @@ class kolab_addressbook extends rcube_plugin } } + // Check access rights to the parent folder + if (!$error && strlen($path)) { + $this->rc->imap_connect(); + $parent_opts = $this->rc->imap->mailbox_info($path); + if ($parent_opts['namespace'] != 'personal' + && (empty($parent_opts['rights']) || !preg_match('/[ck]/', implode($parent_opts))) + ) { + $error = rcube_label('parentnotwritable'); + } + } + if (!$error) { if (!empty($options) && ($options['protected'] || $options['norename'])) { $folder = $oldfolder;