caldav-adapter 8.2.9 → 8.2.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/common/parse-body.js
CHANGED
|
@@ -17,6 +17,10 @@ module.exports = async function (ctx) {
|
|
|
17
17
|
if (ctx.request.type.includes('xml')) {
|
|
18
18
|
try {
|
|
19
19
|
ctx.request.xml = new DOMParser().parseFromString(ctx.request.body);
|
|
20
|
+
// Ensure we have a valid document, otherwise set to null
|
|
21
|
+
if (!ctx.request.xml || typeof ctx.request.xml !== 'object') {
|
|
22
|
+
ctx.request.xml = null;
|
|
23
|
+
}
|
|
20
24
|
} catch (err) {
|
|
21
25
|
if (ctx.logger) ctx.logger.warn(err);
|
|
22
26
|
else if (ctx?.app?.emit) ctx.app.emit('error', err, ctx);
|
package/common/xml.js
CHANGED
|
@@ -21,6 +21,11 @@ module.exports.nsLookup = nsLookup;
|
|
|
21
21
|
const select = xpath.useNamespaces(namespaces);
|
|
22
22
|
|
|
23
23
|
function get(path, doc) {
|
|
24
|
+
// Validate that doc is a proper XML document
|
|
25
|
+
if (!doc || typeof doc !== 'object') {
|
|
26
|
+
throw new Error('Invalid XML document: document is null or not an object');
|
|
27
|
+
}
|
|
28
|
+
|
|
24
29
|
return select(path, doc);
|
|
25
30
|
}
|
|
26
31
|
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "caldav-adapter",
|
|
3
3
|
"description": "CalDAV server for Node.js and Koa. Modernized and maintained for Forward Email.",
|
|
4
|
-
"version": "8.2.
|
|
4
|
+
"version": "8.2.10",
|
|
5
5
|
"author": "Sanders DeNardi and Forward Email LLC",
|
|
6
6
|
"contributors": [
|
|
7
7
|
"Sanders DeNardi <sedenardi@gmail.com> (http://www.sandersdenardi.com/)",
|
|
@@ -13,6 +13,7 @@ module.exports = function (options) {
|
|
|
13
13
|
const log = winston({ ...options, label: 'principal' });
|
|
14
14
|
const methods = {
|
|
15
15
|
propfind: routePropfind(options),
|
|
16
|
+
get: routePropfind(options), // Handle GET same as PROPFIND for redirected requests
|
|
16
17
|
// report: reportReport(opts)
|
|
17
18
|
//
|
|
18
19
|
// TODO: proppatch
|
|
@@ -26,7 +27,7 @@ module.exports = function (options) {
|
|
|
26
27
|
const method = ctx.method.toLowerCase();
|
|
27
28
|
|
|
28
29
|
if (method === 'options') {
|
|
29
|
-
setOptions(ctx, ['OPTIONS', 'PROPFIND']);
|
|
30
|
+
setOptions(ctx, ['OPTIONS', 'PROPFIND', 'GET']);
|
|
30
31
|
return;
|
|
31
32
|
}
|
|
32
33
|
|
|
@@ -11,6 +11,11 @@ const commonTags = require('../../common/tags');
|
|
|
11
11
|
module.exports = function (options) {
|
|
12
12
|
const tags = commonTags(options);
|
|
13
13
|
return async function (ctx) {
|
|
14
|
+
// Validate XML document before processing
|
|
15
|
+
if (!ctx.request.xml) {
|
|
16
|
+
ctx.throw(400, 'Invalid or missing XML in PROPFIND request');
|
|
17
|
+
}
|
|
18
|
+
|
|
14
19
|
const { children } = xml.getWithChildren(
|
|
15
20
|
'/D:propfind/D:prop',
|
|
16
21
|
ctx.request.xml
|