From fa80d66d6c855e75de14b298103828a0a9a5d469 Mon Sep 17 00:00:00 2001
From: Marcel Hofer <marcel.hofer1@swisscom.com>
Date: Wed, 27 Feb 2019 23:14:30 +0100
Subject: [PATCH] match EAS and SOGO/dav case insensitive

---
 data/web/sogo-auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index ae882f26..37e6f75f 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -57,8 +57,8 @@ elseif (isset($_GET['login'])) {
 }
 // do not check for admin-login / sogo-sso for EAS and DAV requests, SOGo can check auth itself if no authorization header is set
 elseif (
-    substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 28) !== "/Microsoft-Server-ActiveSync" &&
-    substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9) !== "/SOGo/dav"
+  strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 28), "/Microsoft-Server-ActiveSync") == 0 &&
+  strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9), "/SOGo/dav") == 0
 ) {
   // this is an nginx auth_request call, we check for existing sogo-sso session variables
   session_start();