This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new d98cd9e5de Fix unintended escaping of XML in some WebDAV responses
d98cd9e5de is described below
commit d98cd9e5dec1bd8ba9f027f5909d8b207a4e3522
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Nov 29 17:04:19 2023 +0000
Fix unintended escaping of XML in some WebDAV responses
The XML list of support locks when provided in response to a PROPFIND
request was incorrectly XML escaped
---
java/org/apache/catalina/servlets/WebdavServlet.java | 4 ++--
java/org/apache/catalina/util/XMLWriter.java | 10 ++++++++++
webapps/docs/changelog.xml | 5 +++++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 55faf853a2..e10b85bc99 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1960,7 +1960,7 @@ public class WebdavServlet extends DefaultServlet {
"<D:lockscope><D:shared/></D:lockscope>" +
"<D:locktype><D:write/></D:locktype>" +
"</D:lockentry>";
generatedXML.writeElement("D", "supportedlock",
XMLWriter.OPENING);
- generatedXML.writeText(supportedLocks);
+ generatedXML.writeRaw(supportedLocks);
generatedXML.writeElement("D", "supportedlock",
XMLWriter.CLOSING);
generateLockDiscovery(path, generatedXML);
@@ -2068,7 +2068,7 @@ public class WebdavServlet extends DefaultServlet {
"<D:lockscope><D:shared/></D:lockscope>" +
"<D:locktype><D:write/></D:locktype>" +
"</D:lockentry>";
generatedXML.writeElement("D", "supportedlock",
XMLWriter.OPENING);
- generatedXML.writeText(supportedLocks);
+ generatedXML.writeRaw(supportedLocks);
generatedXML.writeElement("D", "supportedlock",
XMLWriter.CLOSING);
} else if (property.equals("lockdiscovery")) {
if (!generateLockDiscovery(path, generatedXML)) {
diff --git a/java/org/apache/catalina/util/XMLWriter.java
b/java/org/apache/catalina/util/XMLWriter.java
index 8290b73943..143c305f34 100644
--- a/java/org/apache/catalina/util/XMLWriter.java
+++ b/java/org/apache/catalina/util/XMLWriter.java
@@ -205,6 +205,16 @@ public class XMLWriter {
}
+ /**
+ * Write raw XML data.
+ *
+ * @param raw Raw XML to append
+ */
+ public void writeRaw(String raw) {
+ buffer.append(raw);
+ }
+
+
/**
* Write data.
*
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1fc5a0ec38..321d018ccf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -111,6 +111,11 @@
Background processes should not be run concurrently with lifecycle
oprations of a container. (remm)
</fix>
+ <fix>
+ Correct unintended escaping of XML in some WebDAV responses. The XML
+ list of support locks when provided in response to a PROPFIND request
+ was incorrectly XML escaped. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
