svn commit: r743771 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/servlets/WebdavServlet.java webapps/docs/changelog.xml

Thu, 12 Feb 2009 06:54:30 -0800 

Author: markt
Date: Thu Feb 12 14:54:02 2009
New Revision: 743771

URL: http://svn.apache.org/viewvc?rev=743771&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46606
Make max depth configurable for WebDAV servlet

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=743771&r1=743770&r2=743771&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Feb 12 14:54:02 2009
@@ -124,12 +124,6 @@
   +1: markt, fhanik
   -1: 
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46606
-  Make max depth configurable for WebDAV servlet
-  http://svn.apache.org/viewvc?rev=740635&view=rev
-  +1: markt, remm, funkman
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38197
   Take account of jsp:attribute elements when naming tag pools
   http://svn.apache.org/viewvc?rev=740675&view=rev

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=743771&r1=743770&r2=743771&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java 
Thu Feb 12 14:54:02 2009
@@ -133,12 +133,6 @@
 
 
     /**
-     * Default depth is infite.
-     */
-    private static final int INFINITY = 3; // To limit tree browsing a bit
-
-
-    /**
      * PROPFIND - Specify a property mask.
      */
     private static final int FIND_BY_PROPERTY = 0;
@@ -251,6 +245,13 @@
     private String secret = "catalina";
 
 
+    /**
+     * Default depth in spec is infinite. Limit depth to 3 by default as
+     * infinite depth makes operations very expensive.
+     */
+    private int maxDepth = 3;
+
+
     // --------------------------------------------------------- Public Methods
 
 
@@ -265,6 +266,10 @@
         if (getServletConfig().getInitParameter("secret") != null)
             secret = getServletConfig().getInitParameter("secret");
 
+        if (getServletConfig().getInitParameter("maxDepth") != null)
+            maxDepth = Integer.parseInt(
+                    getServletConfig().getInitParameter("maxDepth"));
+
         // Load the MD5 helper used to calculate signatures.
         try {
             md5Helper = MessageDigest.getInstance("MD5");
@@ -439,21 +444,21 @@
         // Properties which are to be displayed.
         Vector<String> properties = null;
         // Propfind depth
-        int depth = INFINITY;
+        int depth = maxDepth;
         // Propfind type
         int type = FIND_ALL_PROP;
 
         String depthStr = req.getHeader("Depth");
 
         if (depthStr == null) {
-            depth = INFINITY;
+            depth = maxDepth;
         } else {
             if (depthStr.equals("0")) {
                 depth = 0;
             } else if (depthStr.equals("1")) {
                 depth = 1;
             } else if (depthStr.equals("infinity")) {
-                depth = INFINITY;
+                depth = maxDepth;
             }
         }
 
@@ -880,12 +885,12 @@
         String depthStr = req.getHeader("Depth");
 
         if (depthStr == null) {
-            lock.depth = INFINITY;
+            lock.depth = maxDepth;
         } else {
             if (depthStr.equals("0")) {
                 lock.depth = 0;
             } else {
-                lock.depth = INFINITY;
+                lock.depth = maxDepth;
             }
         }
 
@@ -1092,7 +1097,7 @@
                 md5Encoder.encode(md5Helper.digest(lockTokenStr.getBytes()));
 
             if ( (exists) && (object instanceof DirContext) &&
-                 (lock.depth == INFINITY) ) {
+                 (lock.depth == maxDepth) ) {
 
                 // Locking a collection (and all its member resources)
 
@@ -2730,7 +2735,7 @@
             generatedXML.writeElement(null, "lockscope", XMLWriter.CLOSING);
 
             generatedXML.writeElement(null, "depth", XMLWriter.OPENING);
-            if (depth == INFINITY) {
+            if (depth == maxDepth) {
                 generatedXML.writeText("Infinity");
             } else {
                 generatedXML.writeText("0");

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=743771&r1=743770&r2=743771&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Feb 12 14:54:02 2009
@@ -264,6 +264,10 @@
         <bug>46683</bug>: Fix typo in French localisation file name for the
         org.apache.catalina.loader package. (markt)
       </fix>
+      <fix>
+        <bug>46606</bug>: Make the max DEPTH for a WebDAV request configurable.
+        The default is still 3. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to