remm 01/04/05 12:03:09
Modified: catalina/src/share/org/apache/catalina/servlets
WebdavServlet.java
Log:
- Prevent COPY method from manipulating anything in /WEB-INF or /META-INF.
Note : That could only happen when a user had read/write access on the
context.
Revision Changes Path
1.16 +18 -4
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java
Index: WebdavServlet.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- WebdavServlet.java 2001/04/05 18:55:02 1.15
+++ WebdavServlet.java 2001/04/05 19:03:08 1.16
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java,v
1.15 2001/04/05 18:55:02 remm Exp $
- * $Revision: 1.15 $
- * $Date: 2001/04/05 18:55:02 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java,v
1.16 2001/04/05 19:03:08 remm Exp $
+ * $Revision: 1.16 $
+ * $Date: 2001/04/05 19:03:08 $
*
* ====================================================================
*
@@ -125,7 +125,7 @@
* are handled by the DefaultServlet.
*
* @author Remy Maucherat
- * @version $Revision: 1.15 $ $Date: 2001/04/05 18:55:02 $
+ * @version $Revision: 1.16 $ $Date: 2001/04/05 19:03:08 $
*/
public class WebdavServlet
@@ -1481,10 +1481,24 @@
}
}
+ destinationPath = normalize(destinationPath);
+
if (debug > 0)
System.out.println("Dest path :" + destinationPath);
+ if ((destinationPath.toUpperCase().startsWith("/WEB-INF")) ||
+ (destinationPath.toUpperCase().startsWith("/META-INF"))) {
+ resp.sendError(WebdavStatus.SC_FORBIDDEN);
+ return false;
+ }
+
String path = getRelativePath(req);
+
+ if ((path.toUpperCase().startsWith("/WEB-INF")) ||
+ (path.toUpperCase().startsWith("/META-INF"))) {
+ resp.sendError(WebdavStatus.SC_FORBIDDEN);
+ return false;
+ }
if (destinationPath.equals(path)) {
resp.sendError(WebdavStatus.SC_FORBIDDEN);