This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 11026ec2f0 WebDAV improvements
11026ec2f0 is described below
commit 11026ec2f0c59976486cdd4aa373fdc04b60d7d5
Author: remm <[email protected]>
AuthorDate: Tue Oct 15 13:31:13 2024 +0200
WebDAV improvements
Send 415 response to WebDAV MKCOL operations that include a request
body since this is non standardized and it is the recommended status
code when the server does not understand the request.
Enforce DAV: namespace on WebDAV XML elements (and also remove hacky
match code).
---
.../apache/catalina/servlets/WebdavServlet.java | 74 ++++++++++------------
webapps/docs/changelog.xml | 7 ++
2 files changed, 41 insertions(+), 40 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 3b172beea7..59814d8150 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -513,6 +513,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
// Get the root element of the document
Element rootElement = document.getDocumentElement();
+ if (!"propfind".equals(getDAVNode(rootElement))) {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
NodeList childList = rootElement.getChildNodes();
for (int i = 0; i < childList.getLength(); i++) {
@@ -521,14 +525,15 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- if (currentNode.getNodeName().endsWith("prop")) {
+ String nodeName = getDAVNode(currentNode);
+ if ("prop".equals(nodeName)) {
type = FIND_BY_PROPERTY;
propNode = currentNode;
}
- if
(currentNode.getNodeName().endsWith("propname")) {
+ if ("propname".equals(nodeName)) {
type = FIND_PROPERTY_NAMES;
}
- if (currentNode.getNodeName().endsWith("allprop"))
{
+ if ("allprop".equals(nodeName)) {
type = FIND_ALL_PROP;
}
break;
@@ -553,15 +558,12 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String nodeName = currentNode.getNodeName();
- String propertyName = null;
- if (nodeName.indexOf(':') != -1) {
- propertyName =
nodeName.substring(nodeName.indexOf(':') + 1);
- } else {
- propertyName = nodeName;
- }
// href is a live property which is handled differently
- properties.add(propertyName);
+ String propertyName = getDAVNode(currentNode);
+ // No support for non DAV: properties
+ if (propertyName != null) {
+ properties.add(propertyName);
+ }
break;
}
}
@@ -689,6 +691,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
return;
}
+ // FIXME
resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);
}
@@ -726,19 +729,9 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
if (req.getContentLengthLong() > 0) {
- DocumentBuilder documentBuilder = getDocumentBuilder();
- try {
- // Document document =
- documentBuilder.parse(new InputSource(req.getInputStream()));
- // TODO : Process this request body
- resp.sendError(WebdavStatus.SC_NOT_IMPLEMENTED);
- return;
-
- } catch (SAXException saxe) {
- // Parse error - assume invalid content
- resp.sendError(WebdavStatus.SC_UNSUPPORTED_MEDIA_TYPE);
- return;
- }
+ // No support for MKCOL bodies, which are non standard
+ resp.sendError(WebdavStatus.SC_UNSUPPORTED_MEDIA_TYPE);
+ return;
}
if (resources.mkdir(path)) {
@@ -921,6 +914,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
// Get the root element of the document
Element rootElement = document.getDocumentElement();
+ if (!"lockinfo".equals(getDAVNode(rootElement))) {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
lockInfoNode = rootElement;
} catch (IOException | SAXException e) {
lockRequestType = LOCK_REFRESH;
@@ -944,14 +941,13 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String nodeName = currentNode.getNodeName();
- if (nodeName.endsWith("lockscope")) {
+ if ("lockscope".equals(getDAVNode(currentNode))) {
lockScopeNode = currentNode;
}
- if (nodeName.endsWith("locktype")) {
+ if ("locktype".equals(getDAVNode(currentNode))) {
lockTypeNode = currentNode;
}
- if (nodeName.endsWith("owner")) {
+ if ("owner".equals(getDAVNode(currentNode))) {
lockOwnerNode = currentNode;
}
break;
@@ -967,12 +963,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String tempScope = currentNode.getNodeName();
- if (tempScope.indexOf(':') != -1) {
- lock.scope =
tempScope.substring(tempScope.indexOf(':') + 1);
- } else {
- lock.scope = tempScope;
- }
+ lock.scope = getDAVNode(currentNode);
break;
}
}
@@ -996,12 +987,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String tempType = currentNode.getNodeName();
- if (tempType.indexOf(':') != -1) {
- lock.type =
tempType.substring(tempType.indexOf(':') + 1);
- } else {
- lock.type = tempType;
- }
+ lock.type = getDAVNode(currentNode);
break;
}
}
@@ -2247,6 +2233,14 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
+ private String getDAVNode(Node node) {
+ if (node.getNamespaceURI().equals(DEFAULT_NAMESPACE)) {
+ return node.getLocalName();
+ }
+ return null;
+ }
+
+
// -------------------------------------------------- LockInfo Inner Class
/**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5cbafad3d2..ceae64897e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,13 @@
Verify that destination is not locked for a WebDAV copy operation.
(remm)
</fix>
+ <fix>
+ Send 415 response to WebDAV MKCOL operations that include a request
+ body since this is optional and unsupported. (remm)
+ </fix>
+ <fix>
+ Enforce <code>DAV:</code> namespace on WebDAV XML elements. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
