http://www.politiker-stopp.de/gfx/politiker-stopp-print.png

Benjamin Schieder

ICH MAG NICHT MEHR...

2013 May 17 | 1 comments

Ich mag nicht mehr… Ich mag einfach nicht mehr…
Ich mag echt nicht mehr mit solcher Schrottsoftware wie OwnCloud arbeiten; hat bitte jemand eine Alternative fuer mich?

Highlight des Tages: PROPFIND /.well-known/carddav

<?xml version="1.0" encoding="utf-8"?>
<D:propfind xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:carddav"><D:prop>
<D:current-user-principal/>
<D:resourcetype />
<D:displayname />
<C:addressbook-home-set/>
</D:prop></D:propfind>

Unter OwnCloud 5.0.5 hat das die korrekte XML Antwort der CardDAV Ressourcen des sich authentifizierenden Users gegeben:

<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:card="urn:ietf:params:xml:ns:carddav">
	<d:response>
		<d:href>/remote.php/carddav/</d:href>
		<d:propstat>
			<d:prop>
				<d:current-user-principal>
					<d:href>/remote.php/carddav/principals/b***r@s***r.h***p.n***t/</d:href>
				</d:current-user-principal>
				<d:resourcetype>
					<d:collection/>
				</d:resourcetype>
			</d:prop>
			<d:status>HTTP/1.1 200 OK</d:status>
		</d:propstat>
		<d:propstat>
			<d:prop>
				<d:displayname/>
				<card:addressbook-home-set/>
			</d:prop>
			<d:status>HTTP/1.1 404 Not Found</d:status>
		</d:propstat>
	</d:response>
	<d:response>
		<d:href>/remote.php/carddav/principals/</d:href>
		<d:propstat>
			<d:prop>
				<d:current-user-principal>
					<d:href>/remote.php/carddav/principals/b***r@s***r.h***p.n***t/</d:href>
				</d:current-user-principal>
				<d:resourcetype>
					<d:collection/>
				</d:resourcetype>
			</d:prop>
			<d:status>HTTP/1.1 200 OK</d:status>
		</d:propstat>
		<d:propstat>
			<d:prop>
				<d:displayname/>
				<card:addressbook-home-set/>
			</d:prop>
			<d:status>HTTP/1.1 404 Not Found</d:status>
		</d:propstat>
	</d:response>
	<d:response>
		<d:href>/remote.php/carddav/addressbooks/</d:href>
		<d:propstat>
			<d:prop>
				<d:current-user-principal>
					<d:href>/remote.php/carddav/principals/b***r@s***r.h***p.n***t/</d:href>
				</d:current-user-principal>
				<d:resourcetype>
					<d:collection/>
				</d:resourcetype>
			</d:prop>
			<d:status>HTTP/1.1 200 OK</d:status>
		</d:propstat>
		<d:propstat>
			<d:prop>
				<d:displayname/>
				<card:addressbook-home-set/>
			</d:prop>
			<d:status>HTTP/1.1 404 Not Found</d:status>
		</d:propstat>
	</d:response>
</d:multistatus>

Und unter dem tollen neuen - ein halbes Dutzend XSS und CSRF Fehler behenden - 5.0.6 bekomme ich trommelwirbel eine HTML-LOGIN SEITE!

<!DOCTYPE html>
<!--[if lt IE 7]><html class="ng-csp ie ie6 lte9 lte8 lte7"><![endif]-->
<!--[if IE 7]><html class="ng-csp ie ie7 lte9 lte8 lte7"><![endif]-->
<!--[if IE 8]><html class="ng-csp ie ie8 lte9 lte8"><![endif]-->
<!--[if IE 9]><html class="ng-csp ie ie9 lte9"><![endif]-->
<!--[if gt IE 9]><html class="ng-csp ie"><![endif]-->
<!--[if !IE]><!--><html class="ng-csp"><!--<![endif]-->
        <head data-requesttoken="84f010760acb3ec5bbe6">
                <title>ownCloud</title>
                <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                <meta name="apple-itunes-app" content="app-id=543672169">
                <link rel="shortcut icon" href="/core/img/favicon.png" />
                <link rel="apple-touch-icon-precomposed" href="/core/img/favicon-touch.png" />
                                        <link rel="stylesheet" href="/remote.php/core.css?v=389bc7bb1e1c2a5e7e147703232a88f6" type="text/css" media="screen" />
                                                        <script type="text/javascript" src="/index.php/core/js/config.js?v=389bc7bb1e1c2a5e7e147703232a88f6"></script>
                                        <script type="text/javascript" src="/remote.php/core.js?v=389bc7bb1e1c2a5e7e147703232a88f6"></script>
                                        <script type="text/javascript" src="/core/js/visitortimezone.js?v=389bc7bb1e1c2a5e7e147703232a88f6"></script>

                        </head>

        <body id="body-login">
                <div id="login">
                        <header><div id="header">
                                <img src="/core/img/logo.svg" class="svg" alt="ownCloud" />
                        </div></header>
                        <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post">
        <fieldset>
                        <ul>
                                                                </ul>
                <p class="infield grouptop">
                        <input type="text" name="user" id="user" placeholder=""
                                   value="" autofocus                              autocomplete="on" required/>
                        <label for="user" class="infield">Username</label>
                        <img class="svg" src="/core/img/actions/user.svg" alt=""/>
                </p>

                <p class="infield groupbottom">
                        <input type="password" name="password" id="password" value="" data-typetoggle="#show" placeholder=""
                                   required />
                        <label for="password" class="infield">Password</label>
                        <img class="svg" id="password-icon" src="/core/img/actions/password.svg" alt=""/>
                        <input type="checkbox" id="show" name="show" />
                        <label for="show"></label>
                </p>
                <input type="checkbox" name="remember_login" value="1" id="remember_login"/><label
                        for="remember_login">remember</label>
                <input type="hidden" name="timezone-offset" id="timezone-offset"/>
                <input type="submit" id="submit" class="login primary" value="Log in"/>
        </fieldset>
</form>

                </div>
                <footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> &ndash;
                        web services under your control</p></footer>
        </body>
</html>

Ich weiss nicht, was ich dazu noch gross sagen soll…

EOF

Category: blog

Tags: TechSucks ownCloud CardDAV Roundcube RCMCardDAV


1 Comment

From: mirabilos
2013-05-21 14:17

Ich hab nem Kollegen zu git-annex (wahlweise mit oder ohne git-annex-assistant) geraten, seither ist er glücklich.

Post a comment

All comments are held for moderation; basic HTML formatting is accepted.

Name: (required)
E-mail: (required, not published)
Website: (optional)
Comment: