This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 78f2024471 Fix unintended escaping of XML in some WebDAV responses
78f2024471 is described below
commit 78f2024471d89eec9b1f2b6b2407e97c144a92dd
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Nov 29 17:04:19 2023 +0000
Fix unintended escaping of XML in some WebDAV responses
The XML list of support locks when provided in response to a PROPFIND
request was incorrectly XML escaped
---
java/org/apache/catalina/servlets/WebdavServlet.java | 4 ++--
java/org/apache/catalina/util/XMLWriter.java | 10 ++++++++++
webapps/docs/changelog.xml | 5 +++++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index f941a23d6e..1f1aae190b 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1954,7 +1954,7 @@ public class WebdavServlet extends DefaultServlet {
"<D:lockscope><D:shared/></D:lockscope>" +
"<D:locktype><D:write/></D:locktype>" +
"</D:lockentry>";
generatedXML.writeElement("D", "supportedlock",
XMLWriter.OPENING);
- generatedXML.writeText(supportedLocks);
+ generatedXML.writeRaw(supportedLocks);
generatedXML.writeElement("D", "supportedlock",
XMLWriter.CLOSING);
generateLockDiscovery(path, generatedXML);
@@ -2062,7 +2062,7 @@ public class WebdavServlet extends DefaultServlet {
"<D:lockscope><D:shared/></D:lockscope>" +
"<D:locktype><D:write/></D:locktype>" +
"</D:lockentry>";
generatedXML.writeElement("D", "supportedlock",
XMLWriter.OPENING);
- generatedXML.writeText(supportedLocks);
+ generatedXML.writeRaw(supportedLocks);
generatedXML.writeElement("D", "supportedlock",
XMLWriter.CLOSING);
} else if (property.equals("lockdiscovery")) {
if (!generateLockDiscovery(path, generatedXML)) {
diff --git a/java/org/apache/catalina/util/XMLWriter.java
b/java/org/apache/catalina/util/XMLWriter.java
index 8290b73943..143c305f34 100644
--- a/java/org/apache/catalina/util/XMLWriter.java
+++ b/java/org/apache/catalina/util/XMLWriter.java
@@ -205,6 +205,16 @@ public class XMLWriter {
}
+ /**
+ * Write raw XML data.
+ *
+ * @param raw Raw XML to append
+ */
+ public void writeRaw(String raw) {
+ buffer.append(raw);
+ }
+
+
/**
* Write data.
*
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4099b3aa04..04b77f6b9c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -122,6 +122,11 @@
specification that requires that all HTTP error dispatches use the GET
method. (markt)
</add>
+ <fix>
+ Correct unintended escaping of XML in some WebDAV responses. The XML
+ list of support locks when provided in response to a PROPFIND request
+ was incorrectly XML escaped. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
