caldav-adapter 8.3.1 → 8.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "caldav-adapter",
|
|
3
3
|
"description": "CalDAV server for Node.js and Koa. Modernized and maintained for Forward Email.",
|
|
4
|
-
"version": "8.3.
|
|
4
|
+
"version": "8.3.2",
|
|
5
5
|
"author": "Sanders DeNardi and Forward Email LLC",
|
|
6
6
|
"contributors": [
|
|
7
7
|
"Sanders DeNardi <sedenardi@gmail.com> (http://www.sandersdenardi.com/)",
|
|
@@ -18,6 +18,24 @@ module.exports = function (options) {
|
|
|
18
18
|
'sync-collection': sync(options)
|
|
19
19
|
};
|
|
20
20
|
const exec = async function (ctx, calendar) {
|
|
21
|
+
//
|
|
22
|
+
// Check if XML was parsed successfully
|
|
23
|
+
// Per RFC 4918 Section 8.2: "If a server receives XML that is not
|
|
24
|
+
// well-formed, then the server MUST reject the entire request with
|
|
25
|
+
// a 400 (Bad Request)."
|
|
26
|
+
//
|
|
27
|
+
// ctx.request.xml can be null if:
|
|
28
|
+
// 1. The XML body is empty
|
|
29
|
+
// 2. The XML body is malformed and fails to parse
|
|
30
|
+
// 3. The Content-Type is incorrect
|
|
31
|
+
//
|
|
32
|
+
if (!ctx.request.xml || !ctx.request.xml.documentElement) {
|
|
33
|
+
log.debug('report rejected: invalid or empty XML body');
|
|
34
|
+
ctx.status = 400;
|
|
35
|
+
ctx.body = 'Bad Request: invalid or missing XML body';
|
|
36
|
+
return;
|
|
37
|
+
}
|
|
38
|
+
|
|
21
39
|
const rootTag = ctx.request.xml.documentElement.localName;
|
|
22
40
|
const rootAction = rootActions[rootTag];
|
|
23
41
|
log.debug(`report ${rootAction ? 'hit' : 'miss'}: ${rootTag}`);
|