This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 9201a0f4d8 Fix WebDAV bugs
9201a0f4d8 is described below
commit 9201a0f4d8c685e21ee998f005d305382fa267b0
Author: remm <[email protected]>
AuthorDate: Mon Oct 14 13:03:41 2024 +0200
Fix WebDAV bugs
Verify that destination is not locked for a WebDAV copy operation.
Missing Lock-Token header in the response when locking a folder (the
token was only in the body).
Invalid lock requests should be rejected with 400.
Fix regression in WebDAV when attempting to unlock a collection (the COW
iterator does not support remove; instead remove on the collection
itself and stop iterating).
---
java/org/apache/catalina/servlets/WebdavServlet.java | 16 +++++++++++++---
webapps/docs/changelog.xml | 14 ++++++++++++++
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index bead3cdc38..3b172beea7 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1144,6 +1144,9 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
if (addLock) {
lock.tokens.add(lockToken);
collectionLocks.add(lock);
+ // Add the Lock-Token header as by RFC 2518 8.10.1
+ // - only do this for newly created locks
+ resp.addHeader("Lock-Token", "<opaquelocktoken:" +
lockToken + ">");
}
} else {
@@ -1190,7 +1193,8 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
String ifHeader = req.getHeader("If");
if (ifHeader == null) {
- ifHeader = "";
+ // Bad request
+ resp.setStatus(WebdavStatus.SC_BAD_REQUEST);
}
// Checking resource locks
@@ -1234,7 +1238,6 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
generatedXML.writeElement("D", "prop", XMLWriter.CLOSING);
- resp.setStatus(WebdavStatus.SC_OK);
resp.setContentType("text/xml; charset=UTF-8");
Writer writer = resp.getWriter();
writer.write(generatedXML.toString());
@@ -1305,9 +1308,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
}
if (lock.tokens.isEmpty()) {
- collectionLocksList.remove();
+ collectionLocks.remove(lock);
// Removing any lock-null resource which would be present
removeLockNull(path);
+ break;
}
}
}
@@ -1501,6 +1505,12 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
return false;
}
+ // Check if destination is locked
+ if (isLocked(destinationPath, req)) {
+ resp.sendError(WebdavStatus.SC_LOCKED);
+ return false;
+ }
+
boolean overwrite = true;
String overwriteHeader = req.getHeader("Overwrite");
if (overwriteHeader != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 001d5df5cf..6775c825a7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,6 +131,20 @@
Avoid NPE in <code>CrawlerSessionManagerValve</code> for partially
mapped requests. (remm)
</fix>
+ <fix>
+ Add missing WebDAV <code>Lock-Token</code> header in the response when
+ locking a folder. (remm)
+ </fix>
+ <fix>
+ Invalid WebDAV lock requests should be rejected with 400. (remm)
+ </fix>
+ <fix>
+ Fix regression in WebDAV when attempting to unlock a collection. (remm)
+ </fix>
+ <fix>
+ Verify that destination is not locked for a WebDAV copy operation.
+ (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
