--- /dev/null
+#!/bin/sh
+
+# Copyright 2014, 2015, 2020, 2021 Paul Hänsch
+#
+# This file is part of Confetti.
+#
+# Confetti is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Confetti is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Confetti. If not, see <http://www.gnu.org/licenses/>.
+
+. "$_EXEC/pdiread.sh"
+. "$_EXEC/session_lock.sh"
+. "$_EXEC/cgilite/storage.sh"
+
+unset coursefile attfile tempfile
+
+course="$(POST course |PATH)"; course="${course##*/}"
+coursefile="$_DATA/ical/$course"
+attfile="$_DATA/mappings/attendance"
+
+if ! tempfile="$(CHECK_SLOCK "$coursefile")"; then
+ SET_COOKIE 0 message="NO VALID FILE LOCK"
+ REDIRECT "/courses/?e=${course}"
+ exit 0
+elif [ "$(POST tid)" != "$(transid "$tempfile")" ]; then
+ SET_COOKIE 0 message="INVALID TRANSACTION ID"
+ REDIRECT "/courses/?e=${course}"
+ exit 0
+fi
+
+vcf_escape(){
+ for each in "$@"; do
+ printf %s\\n "$each" \
+ | sed -E ':X;$!{N;bX}; s;\r\n;\n;g; s;([;,\\]);\\\1;g; s;\n;\\n;g;'
+ done \
+ | sed -E ':X;$!{N;bX}; s;\n;\;;g'
+}
+
+ics="$(pdi_load "$tempfile")"
+
+tzid=$(cat /etc/timezone)
+
+ics="$(pdi_update_attrib "$ics" DTSTAMP 1 "TZID=${tzid}")"
+ics="$(pdi_update_value "$ics" DTSTAMP 1 "$(TZ="$tzid" date +%Y%m%dT%H%M%S)")"
+
+dts_year="$( POST DTS_YEAR |grep -m1 -xE '[0-9]{4}' || date +%Y)"
+dts_month="$( POST DTS_MONTH |grep -m1 -xE '0[1-9]|1[012]' || date +%m)"
+dts_day="$( POST DTS_DAY |grep -m1 -xE '0[1-9]|[12][0-9]|3[01]' || date +%d)"
+dts_hour="$( POST DTS_HOUR |grep -m1 -xE '[0-9]|1[0-9]|2[0-3]' || date +%H)"
+dts_minute="$(POST DTS_MINUTE |grep -m1 -xE '[0-9]|[1-5][0-9]' || date +%M)"
+[ ${#dts_hour} -eq 1 ] && dts_minute="0$dts_hour"
+[ ${#dts_minute} -eq 1 ] && dts_minute="0$dts_minute"
+DTSTART="${dts_year}${dts_month}${dts_day}T${dts_hour}${dts_minute}00"
+
+ics="$(pdi_update_attrib "$ics" DTSTART 1 "TZID=${tzid}")"
+ics="$(pdi_update_value "$ics" DTSTART 1 "$DTSTART")"
+
+rr_int=$( POST RRULE_INTERVAL |grep -m1 -xE '[0-9]+' || printf 1)
+rr_count=$(POST RRULE_COUNT |grep -m1 -xE '[0-9]+' || printf 1)
+rr_freq=$( POST RRULE_FREQ |grep -m1 -xE 'DAILY|WEEKLY|MONTHLY|YEARLY' || printf MONTHLY)
+rr_uy=$( POST RRULE_UYEAR |grep -m1 -xE '[0-9]{4}' || date +%Y)
+rr_um=$( POST RRULE_UMONTH |grep -m1 -xE '[1-9]|1[012]' || date +%m)
+rr_ud=$( POST RRULE_UDAY |grep -m1 -xE '[1-9]|[12][0-9]|3[01]' || date +%d)
+[ ${#rr_um} -eq 1 ] && rr_um="0$rr_um"
+[ ${#rr_ud} -eq 1 ] && rr_ud="0$rr_ud"
+
+case $(POST RRULE_LIMIT) in
+ COUNT) RRULE="FREQ=$rr_freq;INTERVAL=$rr_int;COUNT=$rr_count";;
+ UNTIL) RRULE="FREQ=$rr_freq;INTERVAL=$rr_int;UNTIL=${rr_uy}${rr_um}${rr_ud}T000000Z";;
+ ETERN|*) RRULE="FREQ=$rr_freq;INTERVAL=$rr_int";;
+esac
+
+ics="$(pdi_update_value "$ics" RRULE 1 "$RRULE")"
+
+for field in $(POST_KEYS |grep -xE '[A-Z][A-Z0-9-]*'); do
+ for cnt in $(seq 1 $(POST_COUNT "$field")); do
+ case "$field" in
+ *)
+ ics="$(pdi_update_value "$ics" "$field" "$cnt" "$(vcf_escape "$(POST "$field" "$cnt")")")"
+ ;;
+ esac
+done; done
+
+# delete fields, first mark for deletion using delete_key
+# this way the field enumeration is preserved during the process
+# finally filter marked lines
+delete_key="$(randomid)"
+for delete in $(POST_KEYS |grep -xE '[A-Z][A-Z0-9-]*_delete_[0-9]+'); do
+ f="${delete%%_*}"; c="${delete##*_}";
+ [ "$(POST "$delete")" = "true" ] && ics="$(pdi_update_value "$ics" "$f" "$c" "delete=${delete_key}")"
+done
+ics="$(printf '%s\n' "$ics" |sed -E "/^[^:]+:delete=${delete_key}\$/d")"
+
+case "$(POST action)" in
+ addfield)
+ newfield="$(POST newfield |grep -m 1 -xE '[A-Z][A-Z0-9-]*')"
+ ics="$(pdi_update_value "$ics" "$newfield" $(( $(pdi_count "$ics" "$newfield") + 1 )) '')"
+ printf '%s' "$ics" |grep -vx '' >"$tempfile"
+ REDIRECT "/courses/?e=${course}"
+ ;;
+ addfield\ [A-Z]*)
+ newfield="$(POST action |sed -nE '1s;^addfield ([A-Z][A-Z0-9-]*)$;\1;p')"
+ ics="$(pdi_update_value "$ics" "$newfield" $(( $(pdi_count "$ics" "$newfield") + 1 )) '')"
+ printf '%s' "$ics" |grep -vx '' >"$tempfile"
+ REDIRECT "/courses/?e=${course}"
+ ;;
+ update)
+ if LOCK "$attfile"; then
+ grep -F "${course} " "$attfile" |while read junk card; do
+ touch "$_DATA/vcard/${card}"
+ done
+ sed -E -i "/^${course} .+\$/d" "$attfile"
+ seq 1 $(POST_COUNT attendance) |while read n; do
+ printf '%s %s\n' "$course" "$(POST attendance $n)"
+ done >>"$attfile"
+ grep -F "${course} " "$attfile" |while read junk card; do
+ touch "$_DATA/vcard/${card}"
+ done
+ RELEASE "$attfile"
+ else
+ SET_COOKIE 0 message="COULD NOT UPDATE COURSE MAPPINGS"
+ fi
+
+ printf '%s' "$ics" |grep -vx '' >"${tempfile}.cp"
+ mv "${tempfile}.cp" "$coursefile"
+ RELEASE_SLOCK "$coursefile"
+ REDIRECT "/courses/#${course}"
+ ;;
+ cancel)
+ RELEASE_SLOCK "$coursefile"
+ [ -f "$coursefile" ] \
+ && REDIRECT "/courses/#${course}" \
+ || REDIRECT "/courses/"
+ ;;
+ delete)
+ rm "$coursefile"
+ RELEASE_SLOCK "$coursefile"
+ REDIRECT "/courses/"
+ ;;
+ *)
+ printf '%s' "$ics" |grep -vx '' >"$tempfile"
+ REDIRECT "/courses/?e=${course}"
+ ;;
+esac