From 965577c5d820975d1c24cb11ab7b85f9d9f73c99 Mon Sep 17 00:00:00 2001
From: Marcel Hofer <marcel.hofer1@swisscom.com>
Date: Wed, 27 Feb 2019 23:16:23 +0100
Subject: [PATCH] fix path check

---
 data/web/sogo-auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 37e6f75f..0cc4beee 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -57,8 +57,8 @@ elseif (isset($_GET['login'])) {
 }
 // do not check for admin-login / sogo-sso for EAS and DAV requests, SOGo can check auth itself if no authorization header is set
 elseif (
-  strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 28), "/Microsoft-Server-ActiveSync") == 0 &&
-  strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9), "/SOGo/dav") == 0
+  strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 28), "/Microsoft-Server-ActiveSync") !== 0 &&
+  strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9), "/SOGo/dav") !== 0
 ) {
   // this is an nginx auth_request call, we check for existing sogo-sso session variables
   session_start();