This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3091999213 Fix WebDAV bugs
3091999213 is described below
commit 30919992133deef9b596062f7c57357edee2f42c
Author: remm <[email protected]>
AuthorDate: Mon Oct 14 13:03:41 2024 +0200
Fix WebDAV bugs
Verify that destination is not locked for a WebDAV copy operation.
Missing Lock-Token header in the response when locking a folder (the
token was only in the body).
Invalid lock requests should be rejected with 400.
Fix regression in WebDAV when attempting to unlock a collection (the COW
iterator does not support remove; instead remove on the collection
itself and stop iterating).
---
java/org/apache/catalina/servlets/WebdavServlet.java | 16 +++++++++++++---
webapps/docs/changelog.xml | 14 ++++++++++++++
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 510e76d2ce..fe7546ba4f 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1146,6 +1146,9 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
if (addLock) {
lock.tokens.add(lockToken);
collectionLocks.add(lock);
+ // Add the Lock-Token header as by RFC 2518 8.10.1
+ // - only do this for newly created locks
+ resp.addHeader("Lock-Token", "<opaquelocktoken:" +
lockToken + ">");
}
} else {
@@ -1192,7 +1195,8 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
String ifHeader = req.getHeader("If");
if (ifHeader == null) {
- ifHeader = "";
+ // Bad request
+ resp.setStatus(WebdavStatus.SC_BAD_REQUEST);
}
// Checking resource locks
@@ -1236,7 +1240,6 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
generatedXML.writeElement("D", "prop", XMLWriter.CLOSING);
- resp.setStatus(WebdavStatus.SC_OK);
resp.setContentType("text/xml; charset=UTF-8");
Writer writer = resp.getWriter();
writer.write(generatedXML.toString());
@@ -1307,9 +1310,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
}
if (lock.tokens.isEmpty()) {
- collectionLocksList.remove();
+ collectionLocks.remove(lock);
// Removing any lock-null resource which would be present
removeLockNull(path);
+ break;
}
}
}
@@ -1503,6 +1507,12 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
return false;
}
+ // Check if destination is locked
+ if (isLocked(destinationPath, req)) {
+ resp.sendError(WebdavStatus.SC_LOCKED);
+ return false;
+ }
+
boolean overwrite = true;
String overwriteHeader = req.getHeader("Overwrite");
if (overwriteHeader != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9d141f1883..41f100d5f2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -146,6 +146,20 @@
Avoid NPE in <code>CrawlerSessionManagerValve</code> for partially
mapped requests. (remm)
</fix>
+ <fix>
+ Add missing WebDAV <code>Lock-Token</code> header in the response when
+ locking a folder. (remm)
+ </fix>
+ <fix>
+ Invalid WebDAV lock requests should be rejected with 400. (remm)
+ </fix>
+ <fix>
+ Fix regression in WebDAV when attempting to unlock a collection. (remm)
+ </fix>
+ <fix>
+ Verify that destination is not locked for a WebDAV copy operation.
+ (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
