This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 9b433a9a8b Use getPathPrefix() consistently
9b433a9a8b is described below
commit 9b433a9a8b2d8ab87ddf0a1e1226d43e972aa1bf
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Oct 3 14:36:47 2024 +0100
Use getPathPrefix() consistently
If WebDAV editing is enabled at a sepcific sub-path, getPathPrefix()
needs to be used to ensure paths are processed correctly.
---
java/org/apache/catalina/servlets/WebdavServlet.java | 8 ++++----
webapps/docs/changelog.xml | 5 +++++
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 611a85c88c..b18953ba2a 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1467,14 +1467,14 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
// Cross-context operations aren't supported
- String reqContextPath = req.getContextPath();
+ String reqContextPath = getPathPrefix(req);
if (!destinationPath.startsWith(reqContextPath + "/")) {
resp.sendError(WebdavStatus.SC_FORBIDDEN);
return false;
}
// Remove context path & servlet path
- destinationPath = destinationPath.substring(reqContextPath.length() +
req.getServletPath().length());
+ destinationPath = destinationPath.substring(reqContextPath.length());
if (debug > 0) {
log("Dest path: " + destinationPath);
@@ -1825,7 +1825,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
generatedXML.writeElement("D", "response", XMLWriter.OPENING);
generatedXML.writeElement("D", "href", XMLWriter.OPENING);
- generatedXML.writeText(req.getContextPath() + errorPath);
+ generatedXML.writeText(getPathPrefix(req) + errorPath);
generatedXML.writeElement("D", "href", XMLWriter.CLOSING);
generatedXML.writeElement("D", "status", XMLWriter.OPENING);
@@ -1867,7 +1867,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
return;
}
- String href = req.getContextPath() + req.getServletPath();
+ String href = getPathPrefix(req);
if ((href.endsWith("/")) && (path.startsWith("/"))) {
href += path.substring(1);
} else {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a71809810a..4a5167b7cf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -165,6 +165,11 @@
collection via WebDAV fails. Empty directories that cannot be deleted
will now be included in the response. (markt)
</fix>
+ <fix>
+ <bug>69363</bug>: Use <code>getPathPrefix()</code> consistently in the
+ WebDAV servlet to ensure that the correct path is used when the WebDAV
+ servlet is mounted at a sub-path within the web application. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
