https://issues.apache.org/bugzilla/show_bug.cgi?id=53910
Priority: P2
Bug ID: 53910
Assignee: [email protected]
Summary: If: check spuriously succeeds with %-encoded URL and
ETag qualifier
Severity: normal
Classification: Unclassified
OS: other
Reporter: [email protected]
Hardware: Macintosh
Status: NEW
Version: 2.4.3
Component: mod_dav
Product: Apache httpd-2
Created attachment 29401
--> https://issues.apache.org/bugzilla/attachment.cgi?id=29401&action=edit
Patch
Using a clean build of httpd-2.4.3, I'm seeing the following behavior:
* Make a collection
* Get its ETag with PROPFIND Depth=0
* Add an item to the collection
* httpd reports a new ETag for the collection at this point
* Attempt a MOVE of the collection to a new name, predicated with the OLD
ETag, using an "If" header of </src/> (["ETag"])
* Expect a precondition failure error
I get a proper 412 precondition failure if the source and destination are
"/src/" and "/dst/", but if I use percent escapes in the URLs the MOVE
spuriously succeeds (for example, if I use "/s%20r%20c/" and "/d%20s%20t/".
I've you'd like to see or try specifically my case, I've submitted a patch to
litmus
<http://lists.manyfish.co.uk/pipermail/litmus/2012-September/000344.html>.
A possible patch to fix the problem is attached -- when parsing the If header,
make sure to unescape the URI in the If header. dav_validate_resource_state()
compare a resource URI (which was already unescaped) with a dav_if_header's URI
(which was not unescaped while parsing the If header).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
