remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 08fddf8706 WebDAV improvements
08fddf8706 is described below
commit 08fddf870615a2689b1eb2765fa782717fd1c4aa
Author: remm <[email protected]>
AuthorDate: Tue Oct 15 13:31:13 2024 +0200
WebDAV improvements
Send 415 response to WebDAV MKCOL operations that include a request
body since this is non standardized and it is the recommended status
code when the server does not understand the request.
Enforce DAV: namespace on WebDAV XML elements (and also remove hacky
match code).
---
.../apache/catalina/servlets/WebdavServlet.java | 74 ++++++++++------------
webapps/docs/changelog.xml | 7 ++
2 files changed, 41 insertions(+), 40 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 71d89e5acc..b8438cad6a 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -512,6 +512,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
// Get the root element of the document
Element rootElement = document.getDocumentElement();
+ if (!"propfind".equals(getDAVNode(rootElement))) {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
NodeList childList = rootElement.getChildNodes();
for (int i = 0; i < childList.getLength(); i++) {
@@ -520,14 +524,15 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- if (currentNode.getNodeName().endsWith("prop")) {
+ String nodeName = getDAVNode(currentNode);
+ if ("prop".equals(nodeName)) {
type = FIND_BY_PROPERTY;
propNode = currentNode;
}
- if
(currentNode.getNodeName().endsWith("propname")) {
+ if ("propname".equals(nodeName)) {
type = FIND_PROPERTY_NAMES;
}
- if (currentNode.getNodeName().endsWith("allprop"))
{
+ if ("allprop".equals(nodeName)) {
type = FIND_ALL_PROP;
}
break;
@@ -552,15 +557,12 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String nodeName = currentNode.getNodeName();
- String propertyName = null;
- if (nodeName.indexOf(':') != -1) {
- propertyName =
nodeName.substring(nodeName.indexOf(':') + 1);
- } else {
- propertyName = nodeName;
- }
// href is a live property which is handled differently
- properties.add(propertyName);
+ String propertyName = getDAVNode(currentNode);
+ // No support for non DAV: properties
+ if (propertyName != null) {
+ properties.add(propertyName);
+ }
break;
}
}
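Review bot: A requested property outside DAV: is now dropped without trace at `if (propertyName != null)`, so the response built later (outside this hunk) presumably omits it rather than reporting it as not found. A client then cannot tell an unsupported property from one it never asked for. If that is intended, the comment should say so, e.g. `// Non DAV: properties are not supported and are left out of the response`. The retained comment `// href is a live property which is handled differently` no longer describes the line below it and should be moved or removed.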
@@ -688,6 +690,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
return;
}
+ // FIXME
resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);
}
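Review bot: The added `// FIXME` does not say what has to be fixed, so the next reader cannot act on it. State the gap next to the 501, for instance `// FIXME: <what is missing>; SC_NOT_IMPLEMENTED is returned until then`. The enclosing method starts outside the hunk, so the exact wording is for the author to fill in.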
@@ -725,19 +728,9 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
if (req.getContentLengthLong() > 0) {
- DocumentBuilder documentBuilder = getDocumentBuilder();
- try {
- // Document document =
- documentBuilder.parse(new InputSource(req.getInputStream()));
- // TODO : Process this request body
- resp.sendError(WebdavStatus.SC_NOT_IMPLEMENTED);
- return;
-
- } catch (SAXException saxe) {
- // Parse error - assume invalid content
- resp.sendError(WebdavStatus.SC_UNSUPPORTED_MEDIA_TYPE);
- return;
- }
+ // No support for MKCOL bodies, which are non standard
+ resp.sendError(WebdavStatus.SC_UNSUPPORTED_MEDIA_TYPE);
+ return;
}
if (resources.mkdir(path)) {
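Review bot: The 415 branch is reached only when `req.getContentLengthLong() > 0`, and that method returns -1 when the length is not known. A MKCOL body sent without a Content-Length (chunked encoding, for example) therefore skips the rejection and falls through to `resources.mkdir(path)` with the body ignored. If the intent is to refuse every MKCOL body, the condition should cover that case too, e.g. `if (req.getContentLengthLong() > 0 || req.getHeader("Transfer-Encoding") != null) {`. Otherwise the comment should state that only bodies with a declared length are rejected. The method starts and ends outside the hunk.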
@@ -920,6 +913,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
// Get the root element of the document
Element rootElement = document.getDocumentElement();
+ if (!"lockinfo".equals(getDAVNode(rootElement))) {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
lockInfoNode = rootElement;
} catch (IOException | SAXException e) {
lockRequestType = LOCK_REFRESH;
@@ -943,14 +940,13 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String nodeName = currentNode.getNodeName();
- if (nodeName.endsWith("lockscope")) {
+ if ("lockscope".equals(getDAVNode(currentNode))) {
lockScopeNode = currentNode;
}
- if (nodeName.endsWith("locktype")) {
+ if ("locktype".equals(getDAVNode(currentNode))) {
lockTypeNode = currentNode;
}
- if (nodeName.endsWith("owner")) {
+ if ("owner".equals(getDAVNode(currentNode))) {
lockOwnerNode = currentNode;
}
break;
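Review bot: `getDAVNode(currentNode)` is evaluated three times for the same node in this case block, while the PROPFIND loop earlier in the commit stores it once in `nodeName`. Doing the same here, `String nodeName = getDAVNode(currentNode);` followed by `"lockscope".equals(nodeName)` and so on, keeps the two loops consistent. The three conditions are mutually exclusive, so `else if` would make that explicit as well.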
@@ -966,12 +962,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String tempScope = currentNode.getNodeName();
- if (tempScope.indexOf(':') != -1) {
- lock.scope =
tempScope.substring(tempScope.indexOf(':') + 1);
- } else {
- lock.scope = tempScope;
- }
+ lock.scope = getDAVNode(currentNode);
break;
}
}
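Review bot: `lock.scope = getDAVNode(currentNode);` can now store null when the child element is not in DAV:, whereas the removed code always stored a non-null name. The same holds for `lock.type = getDAVNode(currentNode);` in the next hunk. The code that later compares or serialises these fields is outside the hunks, so whether it tolerates null needs checking. Assigning only a non-null result, `String scope = getDAVNode(currentNode); if (scope != null) { lock.scope = scope; }`, or answering 400 for an unrecognised element, keeps request content from putting null into lock state.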
@@ -995,12 +986,7 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
case Node.TEXT_NODE:
break;
case Node.ELEMENT_NODE:
- String tempType = currentNode.getNodeName();
- if (tempType.indexOf(':') != -1) {
- lock.type =
tempType.substring(tempType.indexOf(':') + 1);
- } else {
- lock.type = tempType;
- }
+ lock.type = getDAVNode(currentNode);
break;
}
}
@@ -2246,6 +2232,14 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
+ private String getDAVNode(Node node) {
+ if (node.getNamespaceURI().equals(DEFAULT_NAMESPACE)) {
+ return node.getLocalName();
+ }
+ return null;
+ }
+
+
// -------------------------------------------------- LockInfo Inner Class
/**
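Review bot: `node.getNamespaceURI()` may return null (an element with no namespace), so `node.getNamespaceURI().equals(DEFAULT_NAMESPACE)` in getDAVNode throws a NullPointerException on a client-supplied body with unqualified elements instead of returning null. Reversing the comparison, `if (DEFAULT_NAMESPACE.equals(node.getNamespaceURI())) {`, lets the new PROPFIND and LOCK root checks answer 400 for such input rather than fail with an unhandled exception. The helper also depends on the DocumentBuilder being namespace-aware, which is configured outside this diff and worth confirming. A one-line Javadoc stating that null is returned for nodes outside DAV: would tell callers they must handle it.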
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cd6493fcd1..72932e81a5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,13 @@
Verify that destination is not locked for a WebDAV copy operation.
(remm)
</fix>
+ <fix>
+ Send 415 response to WebDAV MKCOL operations that include a request
+ body since this is optional and unsupported. (remm)
+ </fix>
+ <fix>
+ Enforce <code>DAV:</code> namespace on WebDAV XML elements. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">