ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fix(mail): vendor AWL — Z-Push's CalDAV client requires it at login
ci / changes (push) Successful in 4s
Details
ci / tc_portal (push) Has been skipped
Details
ci / tc_booking (push) Has been skipped
Details
ci / tc_operator (push) Has been skipped
Details
ci / tc_platform_api (push) Has been skipped
Details
ci / test_platform_api (push) Has been skipped
Details
ci / build_portal (push) Has been skipped
Details
ci / build_booking (push) Has been skipped
Details
ci / build_operator (push) Has been skipped
Details
ci / build_platform_api (push) Has been skipped
Details
ci / tc_website (push) Has been skipped
Details
ci / build_zpush (push) Successful in 17s
Details
ci / deploy (push) Successful in 25s
Details

Browse Source 
include/z_caldav.php needs XMLDocument.php from AWL (Andrew's Web
Libraries); the Debian z-push packages pull php-awl in automatically
but bookworm dropped the package, so vendor it from upstream at
r0.65 into /usr/share/awl/inc (already on Z-Push's include_path).
Only surfaces on *authenticated* requests: combined login hits IMAP
first, so fake-credential smoke tests never reach the CalDAV class.

Hardening from the same incident: a build-time class-load smoke test
fails the image if any backend dependency is missing, and
zend.exception_ignore_args stops uncaught fatals from logging the
raw passwords Z-Push passes through Logon().
This commit is contained in:
Ronni Baslund
2026-06-12 14:21:55 +02:00
parent 959223c044
commit 9bc89bcd5d
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/zpush/php/zpush.ini
+3
View File
@@ -9,3 +9,6 @@ log_errors = On
error_log = /dev/stderr
display_errors = Off
expose_php = Off
; Never capture function arguments in exception traces — Z-Push passes raw
; passwords through Logon(), and an uncaught fatal would log them.
zend.exception_ignore_args = 1