Re: [PR] webdav lock and unlock: ensure response must not be cached [tomcat]
rmaucher commented on PR #771:
URL: https://github.com/apache/tomcat/pull/771#issuecomment-2442698504

Ok, I give up on that one, since it's already done for copyResource. I gave you credit in the commit message.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] webdav lock and unlock: ensure response must not be cached [tomcat]
Chenjp commented on PR #771:
URL: https://github.com/apache/tomcat/pull/771#issuecomment-2441143076

> +1 for the third one (the request will not work so it's better to send the specified 400 code immediately), I just fixed it. For the other two, about depth, I left it as is on purpose. There's no status code mentioned for a bad depth, and there's a default value if absent. IMO pretending it's either 0 if specified or infinity otherwise is not bad. Note: There are some items where you must not be strict like the lock timeout just after the depth header in the code.

Per rfc4918 [10.2](https://datatracker.ietf.org/doc/html/rfc4918#section-10.2). Depth Header defines:

Depth = "Depth" ":" ("0" | "1" | "infinity")

Others may be considered as ```400 Bad Request```.
[PR] ExpiresFilter enhance should-not-cacheable verification [tomcat]
Chenjp opened a new pull request, #772:
URL: https://github.com/apache/tomcat/pull/772

- Skip response with Cache-Control: no-store.
- Introduce "ExpiresIncludedMethods", "ExpiresIncludedResponseStatusCodes" initial parameters to improve configurability.
- Testcase added.
[Bug 69415] ExpiresFilter incorrectly caches responses that are explicitly declared as not cacheable
https://bz.apache.org/bugzilla/show_bug.cgi?id=69415

--- Comment #1 from Chen Jp ---
Created attachment 39915
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=39915&action=edit
test case.
(tomcat) branch main updated: Minor WebDAV fixes
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 86b5218b9c Minor WebDAV fixes 86b5218b9c is described below commit 86b5218b9c72409ce09b214fd2708d66e3a3d5b3 Author: remm AuthorDate: Mon Oct 28 22:37:10 2024 +0100 Minor WebDAV fixes Reject with 400 any Depth header with invalid values (as was done in copyResource, which I had forgotten about), submitted by Chen Jp. Reject bad propfind requests with 400. Accept chunked body for propfind. --- .../apache/catalina/servlets/WebdavServlet.java| 34 -- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index 2497d4e79d..c775b2aa7a 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -816,7 +816,7 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen // Propfind depth int depth = maxDepth; // Propfind type -int type = FIND_ALL_PROP; +int type = -1; String depthStr = req.getHeader("Depth"); @@ -829,10 +829,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen depth = 1; } else if (depthStr.equals("infinity")) { depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } -if (req.getContentLengthLong() > 0) { +if (req.getContentLengthLong() > 0 || "chunked".equalsIgnoreCase(req.getHeader("Transfer-Encoding"))) { DocumentBuilder documentBuilder = getDocumentBuilder(); try { 
@@ -854,6 +857,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen case Node.ELEMENT_NODE: String nodeName = getDAVNode(currentNode); if ("prop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_BY_PROPERTY; NodeList propChildList = currentNode.getChildNodes(); for (int j = 0; j < propChildList.getLength(); j++) { @@ -868,9 +876,19 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } } if ("propname".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_PROPERTY_NAMES; } if ("allprop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_ALL_PROP; } break; @@ -881,6 +899,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen resp.sendError(WebdavStatus.SC_BAD_REQUEST); return; } +if (type == -1) { +// Nothing meaningful in the propfind element +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} +} else { +type = FIND_ALL_PROP; } WebResource resource = resources.getResource(path); @@ -1322,8 +1347,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } else { if (depthStr.equals("0")) { lock.depth = 0; -} else { +} else if (depthStr.equals("infinity")) { lock.depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: d
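Review bot: In the hunk at -829,10 the new body test `"chunked".equalsIgnoreCase(req.getHeader("Transfer-Encoding"))` matches only when the header value is exactly `chunked`. A value that lists more than one coding, or that carries surrounding whitespace, fails the comparison, so the request drops into the `else { type = FIND_ALL_PROP; }` branch added in the hunk at -881,6 and the body is never parsed or validated. Consider testing whether the value ends with the chunked coding after trimming, or attempting the parse whenever a request body may be present, so that a propfind body cannot bypass the new 400 checks by varying this header.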
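Review bot: The guard `if (type >= 0) { ... sendError(SC_BAD_REQUEST); return; }` is copied three times across the hunks at -854,6 and -868,9 (for `prop`, `propname` and `allprop`), and it depends on the bare `-1` introduced by `int type = -1;` in the first hunk and tested again by `type == -1` at -881,6. A named constant for the unset state and a single check placed before the three `if` blocks would keep the four sites in sync, and would make it explicit that the guard assumes every `FIND_*` value is non-negative, which this diff does not show.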
(tomcat) branch 10.1.x updated: Minor WebDAV fixes
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 4387418d2c Minor WebDAV fixes 4387418d2c is described below commit 4387418d2c280b308fecb6237a909d6f9e2d7f59 Author: remm AuthorDate: Mon Oct 28 22:37:10 2024 +0100 Minor WebDAV fixes Reject with 400 any Depth header with invalid values (as was done in copyResource, which I had forgotten about), submitted by Chen Jp. Reject bad propfind requests with 400. Accept chunked body for propfind. --- .../apache/catalina/servlets/WebdavServlet.java| 34 -- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index 7b8de401a0..0ba428ca45 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -814,7 +814,7 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen // Propfind depth int depth = maxDepth; // Propfind type -int type = FIND_ALL_PROP; +int type = -1; String depthStr = req.getHeader("Depth"); @@ -827,10 +827,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen depth = 1; } else if (depthStr.equals("infinity")) { depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } -if (req.getContentLengthLong() > 0) { +if (req.getContentLengthLong() > 0 || "chunked".equalsIgnoreCase(req.getHeader("Transfer-Encoding"))) { DocumentBuilder documentBuilder = getDocumentBuilder(); try { 
@@ -852,6 +855,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen case Node.ELEMENT_NODE: String nodeName = getDAVNode(currentNode); if ("prop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_BY_PROPERTY; NodeList propChildList = currentNode.getChildNodes(); for (int j = 0; j < propChildList.getLength(); j++) { @@ -866,9 +874,19 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } } if ("propname".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_PROPERTY_NAMES; } if ("allprop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_ALL_PROP; } break; @@ -879,6 +897,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen resp.sendError(WebdavStatus.SC_BAD_REQUEST); return; } +if (type == -1) { +// Nothing meaningful in the propfind element +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} +} else { +type = FIND_ALL_PROP; } WebResource resource = resources.getResource(path); @@ -1320,8 +1345,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } else { if (depthStr.equals("0")) { lock.depth = 0; -} else { +} else if (depthStr.equals("infinity")) { lock.depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mai
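Review bot: In the LOCK hunk at -1320,8 any Depth value other than `0` or `infinity` now returns 400, where the removed `} else {` branch mapped every such value to `maxDepth`. Because `depthStr.equals("infinity")` is case-sensitive, a client sending `Depth: Infinity` or `Depth: 1` on LOCK was accepted before this change and is rejected after it; the PROPFIND hunk at -827,10 has the same effect for values that previously kept the default. For a backport to a stable branch this is a visible behaviour change: either state in the commit message that it is intentional, or use `equalsIgnoreCase` for the `infinity` comparison so only genuinely invalid values are refused.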
(tomcat) branch 11.0.x updated: Minor WebDAV fixes
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new a51b603528 Minor WebDAV fixes a51b603528 is described below commit a51b603528c743ab4de656adf2d3725ae9c9fef0 Author: remm AuthorDate: Mon Oct 28 22:37:10 2024 +0100 Minor WebDAV fixes Reject with 400 any Depth header with invalid values (as was done in copyResource, which I had forgotten about), submitted by Chen Jp. Reject bad propfind requests with 400. Accept chunked body for propfind. --- .../apache/catalina/servlets/WebdavServlet.java| 34 -- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index 7b8de401a0..0ba428ca45 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -814,7 +814,7 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen // Propfind depth int depth = maxDepth; // Propfind type -int type = FIND_ALL_PROP; +int type = -1; String depthStr = req.getHeader("Depth"); @@ -827,10 +827,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen depth = 1; } else if (depthStr.equals("infinity")) { depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } -if (req.getContentLengthLong() > 0) { +if (req.getContentLengthLong() > 0 || "chunked".equalsIgnoreCase(req.getHeader("Transfer-Encoding"))) { DocumentBuilder documentBuilder = getDocumentBuilder(); try { 
@@ -852,6 +855,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen case Node.ELEMENT_NODE: String nodeName = getDAVNode(currentNode); if ("prop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_BY_PROPERTY; NodeList propChildList = currentNode.getChildNodes(); for (int j = 0; j < propChildList.getLength(); j++) { @@ -866,9 +874,19 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } } if ("propname".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_PROPERTY_NAMES; } if ("allprop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_ALL_PROP; } break; @@ -879,6 +897,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen resp.sendError(WebdavStatus.SC_BAD_REQUEST); return; } +if (type == -1) { +// Nothing meaningful in the propfind element +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} +} else { +type = FIND_ALL_PROP; } WebResource resource = resources.getResource(path); @@ -1320,8 +1345,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } else { if (depthStr.equals("0")) { lock.depth = 0; -} else { +} else if (depthStr.equals("infinity")) { lock.depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mai
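Review bot: The hunk at -827,10 changes what clients observe (400 for an unrecognised Depth value, and chunked propfind bodies now parsed), yet the diffstat lists a single file, `WebdavServlet.java`, with no changelog or documentation entry alongside it. Operators upgrading on this branch will see new 400 responses from clients that worked before, so the commit should carry a changelog note covering the three behaviours named in the commit message.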
(tomcat) branch 9.0.x updated: Minor WebDAV fixes
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new d1cfe8c0df Minor WebDAV fixes d1cfe8c0df is described below commit d1cfe8c0dfa040af7c066d8db2218bd4262c4a24 Author: remm AuthorDate: Mon Oct 28 22:37:10 2024 +0100 Minor WebDAV fixes Reject with 400 any Depth header with invalid values (as was done in copyResource, which I had forgotten about), submitted by Chen Jp. Reject bad propfind requests with 400. Accept chunked body for propfind. --- .../apache/catalina/servlets/WebdavServlet.java| 34 -- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index 83dd664db4..845c60f465 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -813,7 +813,7 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen // Propfind depth int depth = maxDepth; // Propfind type -int type = FIND_ALL_PROP; +int type = -1; String depthStr = req.getHeader("Depth"); @@ -826,10 +826,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen depth = 1; } else if (depthStr.equals("infinity")) { depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } -if (req.getContentLengthLong() > 0) { +if (req.getContentLengthLong() > 0 || "chunked".equalsIgnoreCase(req.getHeader("Transfer-Encoding"))) { DocumentBuilder documentBuilder = getDocumentBuilder(); try { 
@@ -851,6 +854,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen case Node.ELEMENT_NODE: String nodeName = getDAVNode(currentNode); if ("prop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_BY_PROPERTY; NodeList propChildList = currentNode.getChildNodes(); for (int j = 0; j < propChildList.getLength(); j++) { @@ -865,9 +873,19 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } } if ("propname".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_PROPERTY_NAMES; } if ("allprop".equals(nodeName)) { +if (type >= 0) { +// Another was already defined + resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} type = FIND_ALL_PROP; } break; @@ -878,6 +896,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen resp.sendError(WebdavStatus.SC_BAD_REQUEST); return; } +if (type == -1) { +// Nothing meaningful in the propfind element +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; +} +} else { +type = FIND_ALL_PROP; } WebResource resource = resources.getResource(path); @@ -1319,8 +1344,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen } else { if (depthStr.equals("0")) { lock.depth = 0; -} else { +} else if (depthStr.equals("infinity")) { lock.depth = maxDepth; +} else { +resp.sendError(WebdavStatus.SC_BAD_REQUEST); +return; } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail:
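Review bot: No test accompanies the new rejection paths; the diffstat shows only `WebdavServlet.java` changed. The hunk at -878,6 adds a 400 for a propfind body with none of `prop`, `propname` or `allprop`, and the hunks at -851,6 and -865,9 add a 400 when more than one of them appears. Each of these, plus the invalid Depth cases at -826,10 and -1319,8 and a chunked propfind body, deserves a test that asserts the status code, so that a later refactor of the `type` handling cannot silently restore the permissive behaviour.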