From b6d8c5ff2fa8602ea3ce622097350c9b28fee628 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20Molakvo=C3=A6=20=28skjnldsv=29?=
 <skjnldsv@protonmail.com>
Date: Sat, 3 Nov 2018 19:03:32 +0100
Subject: [PATCH] Add check for vCard uid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
---
 apps/dav/lib/CardDAV/CardDavBackend.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/apps/dav/lib/CardDAV/CardDavBackend.php b/apps/dav/lib/CardDAV/CardDavBackend.php
index a8907f631c..eb94885d17 100644
--- a/apps/dav/lib/CardDAV/CardDavBackend.php
+++ b/apps/dav/lib/CardDAV/CardDavBackend.php
@@ -611,6 +611,19 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 		$etag = md5($cardData);
 		$uid = $this->getUID($cardData);
 
+		$q = $this->db->getQueryBuilder();
+		$q->select('uid')
+			->from('cards')
+			->where($q->expr()->eq('addressbookid', $q->createNamedParameter($addressBookId)))
+			->andWhere($q->expr()->eq('uid', $q->createNamedParameter($uid)))
+			->setMaxResults(1);
+		$result = $q->execute();
+		$count = (bool) $result->fetchColumn();
+		$result->closeCursor();
+		if ($count) {
+			throw new \Sabre\DAV\Exception\BadRequest('VCard object with uid already exists in this addressbook collection.');
+		}
+
 		$query = $this->db->getQueryBuilder();
 		$query->insert('cards')
 			->values([