Fix bug 761178 - Malformed URL can cause Lightning to delete complete calendar file (CalDAV). r=philipp,a=philipp
authorFlorian Schlichting <fschlich@zedat.fu-berlin.de>
Thu, 29 Nov 2012 18:25:15 +0100
changeset 13612 e31303ce709860a4a5c5c101344f01f7ddc48ef0
parent 13611 b72e2bda999c7f8fcd69456469289ef1e4ce0274
child 13613 2e776ed93daa3803af219b8b149374c8cb60123c
push id31
push usermatthew.mecca@gmail.com
push dateFri, 08 Feb 2013 20:12:53 +0000
reviewersphilipp, philipp
bugs761178
Fix bug 761178 - Malformed URL can cause Lightning to delete complete calendar file (CalDAV). r=philipp,a=philipp
calendar/providers/caldav/calDavCalendar.js
--- a/calendar/providers/caldav/calDavCalendar.js
+++ b/calendar/providers/caldav/calDavCalendar.js
@@ -790,16 +790,26 @@ calDavCalendar.prototype = {
         if (aUri) {
             eventUri = aUri;
         } else if (aFromInbox || this.mItemInfoCache[aItem.id].isInboxItem) {
             eventUri = this.makeUri(this.mItemInfoCache[aItem.id].locationPath, this.mInboxUrl);
         } else {
             eventUri = this.makeUri(this.mItemInfoCache[aItem.id].locationPath);
         }
 
+        if (eventUri.path == this.calendarUri.path) {
+            this.notifyOperationComplete(aListener,
+                                         Components.results.NS_ERROR_FAILURE,
+                                         Components.interfaces.calIOperationListener.DELETE,
+                                         aItem.id,
+                                         "eventUri and calendarUri paths are the same, " +
+                                         "will not go on to delete entire calendar");
+            return;
+        }
+
         var thisCalendar = this;
 
         let delListener = {
             onStreamComplete: function caldav_dDI_del_onStreamComplete(aLoader, aContext, aStatus, aResultLength, aResult) {
                 let request = aLoader.request.QueryInterface(Components.interfaces.nsIHttpChannel);
                 let listenerStatus = Components.results.NS_OK;
                 let listenerDetail = aItem;
                 try {
@@ -931,17 +941,20 @@ calDavCalendar.prototype = {
      * @param path      Item path MUST NOT BE ENCODED
      * @param calData   iCalendar string representation of the item
      * @param aUri      Base URI of the request
      * @param aListener Listener
      */
     addTargetCalendarItem : function caldav_addTargetCalendarItem(path,calData,aUri, etag, aListener) {
         let parser = Components.classes["@mozilla.org/calendar/ics-parser;1"]
                                .createInstance(Components.interfaces.calIIcsParser);
-        let uriPathComponentLength = aUri.path.split("/").length;
+        // aUri.path may contain double slashes whereas path does not
+        // this confuses our counting, so remove multiple successive slashes
+        let strippedUriPath = aUri.path.replace(/\/{2,}/g, "/");
+        let uriPathComponentLength = strippedUriPath.split("/").length;
         try {
             parser.parseString(calData);
         } catch (e) {
             // Warn and continue.
             // TODO As soon as we have activity manager integration,
             // this should be replace with logic to notify that a
             // certain event failed.
             cal.WARN("Failed to parse item: " + calData + "\n\nException:" + e);