Author: markt
Date: Thu Nov 11 11:49:51 2010
New Revision: 1033897
URL: http://svn.apache.org/viewvc?rev=1033897&view=rev
Log:
Restore the ability (via an option) to edit the contents of WEB-INF and
META-INF via WebDAV
Modified:
tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=1033897&r1=1033896&r2=1033897&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java Thu Nov
11 11:49:51 2010
@@ -111,9 +111,18 @@ import org.xml.sax.SAXException;
* <url-pattern>/webdavedit/*</url-pattern>
* </servlet-mapping>
* </pre>
- * Don't forget to secure access appropriately to the editing URLs. With this
- * configuration the context will be accessible to normal users as before.
Those
- * users with the necessary access will be able to edit content available via
+ * By default access to /WEB-INF and META-INF are not available via WebDAV. To
+ * enable access to these URLs, use add:
+ * <pre>
+ * <init-param>
+ * <param-name>allowSpecialPaths</param-name>
+ * <param-value>true</param-value>
+ * </init-param>
+ * </pre>
+ * Don't forget to secure access appropriately to the editing URLs, especially
+ * if allowSpecialPaths is used. With the mapping configuration above, the
+ * context will be accessible to normal users as before. Those users with the
+ * necessary access will be able to edit content available via
* http://host:port/context/content using
* http://host:port/context/webdavedit/content
*
@@ -258,6 +267,13 @@ public class WebdavServlet
private int maxDepth = 3;
+ /**
+ * Is access allowed via WebDAV to the special paths (/WEB-INF and
+ * /META-INF)?
+ */
+ private boolean allowSpecialPaths = false;
+
+
// --------------------------------------------------------- Public Methods
@@ -277,6 +293,10 @@ public class WebdavServlet
maxDepth = Integer.parseInt(
getServletConfig().getInitParameter("maxDepth"));
+ if (getServletConfig().getInitParameter("allowSpecialPaths") != null)
+ allowSpecialPaths = Boolean.parseBoolean(
+ getServletConfig().getInitParameter("allowSpecialPaths"));
+
// Load the MD5 helper used to calculate signatures.
try {
md5Helper = MessageDigest.getInstance("MD5");
@@ -365,10 +385,10 @@ public class WebdavServlet
* @param path the full path of the resource being accessed
* @return <code>true</code> if the resource specified is under a special
path
*/
- private static final boolean isSpecialPath(final String path) {
- // FIXME: why isn't this just equalsIgnoreCase?
- return path.toUpperCase(Locale.ENGLISH).startsWith("/WEB-INF")
- || path.toUpperCase(Locale.ENGLISH).startsWith("/META-INF");
+ private final boolean isSpecialPath(final String path) {
+ return !allowSpecialPaths && (
+ path.toUpperCase(Locale.ENGLISH).startsWith("/WEB-INF") ||
+ path.toUpperCase(Locale.ENGLISH).startsWith("/META-INF"));
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
