remm 01/04/10 19:37:12
Modified: catalina/src/share/org/apache/catalina/servlets
WebdavServlet.java
Log:
- Tighten up more on /WEB-INF (I forgot to add a check for MKCOL).
- Set content type to use a UTF-8 charset (as is advertised in the XML header).
- Return human readable values for the displayname property.
Revision Changes Path
1.18 +33 -10
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java
Index: WebdavServlet.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- WebdavServlet.java 2001/04/06 02:45:48 1.17
+++ WebdavServlet.java 2001/04/11 02:37:12 1.18
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java,v
1.17 2001/04/06 02:45:48 remm Exp $
- * $Revision: 1.17 $
- * $Date: 2001/04/06 02:45:48 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java,v
1.18 2001/04/11 02:37:12 remm Exp $
+ * $Revision: 1.18 $
+ * $Date: 2001/04/11 02:37:12 $
*
* ====================================================================
*
@@ -125,7 +125,7 @@
* are handled by the DefaultServlet.
*
* @author Remy Maucherat
- * @version $Revision: 1.17 $ $Date: 2001/04/06 02:45:48 $
+ * @version $Revision: 1.18 $ $Date: 2001/04/11 02:37:12 $
*/
public class WebdavServlet
@@ -402,6 +402,12 @@
String path = getRelativePath(req);
+ if ((path.toUpperCase().startsWith("/WEB-INF")) ||
+ (path.toUpperCase().startsWith("/META-INF"))) {
+ resp.sendError(WebdavStatus.SC_FORBIDDEN);
+ return;
+ }
+
// Properties which are to be displayed.
Vector properties = null;
// Propfind depth
@@ -514,6 +520,8 @@
resp.setStatus(WebdavStatus.SC_MULTI_STATUS);
+ resp.setContentType("text/xml; charset=UTF-8");
+
// Create multistatus object
XMLWriter generatedXML = new XMLWriter(resp.getWriter());
generatedXML.writeXMLHeader();
@@ -621,6 +629,7 @@
+
}
@@ -642,6 +651,12 @@
String path = getRelativePath(req);
+ if ((path.toUpperCase().startsWith("/WEB-INF")) ||
+ (path.toUpperCase().startsWith("/META-INF"))) {
+ resp.sendError(WebdavStatus.SC_FORBIDDEN);
+ return;
+ }
+
// Retrieve the resources
DirContext resources = getResources();
@@ -1251,6 +1266,7 @@
generatedXML.writeElement(null, "prop", XMLWriter.CLOSING);
resp.setStatus(WebdavStatus.SC_OK);
+ resp.setContentType("text/xml; charset=UTF-8");
Writer writer = resp.getWriter();
writer.write(generatedXML.toString());
writer.close();
@@ -1941,6 +1957,11 @@
generatedXML.writeElement(null, "href", XMLWriter.CLOSING);
+ String resourceName = path;
+ int lastSlash = path.lastIndexOf('/');
+ if (lastSlash != -1)
+ resourceName = resourceName.substring(lastSlash + 1);
+
switch (type) {
case FIND_ALL_PROP :
@@ -1951,9 +1972,9 @@
generatedXML.writeProperty
(null, "creationdate",
getISOCreationDate(resourceInfo.creationDate));
- generatedXML.writeProperty
- (null, "displayname",
- rewriteUrl(resourceInfo.path.replace('/', '_')));
+ generatedXML.writeElement(null, "displayname", XMLWriter.OPENING);
+ generatedXML.writeData(resourceName);
+ generatedXML.writeElement(null, "displayname", XMLWriter.CLOSING);
generatedXML.writeProperty(null, "getcontentlanguage",
Locale.getDefault().toString());
if (!resourceInfo.collection) {
@@ -2058,9 +2079,11 @@
(null, "creationdate",
getISOCreationDate(resourceInfo.creationDate));
} else if (property.equals("displayname")) {
- generatedXML.writeProperty
- (null, "displayname",
- rewriteUrl(resourceInfo.path.replace('/', '_')));
+ generatedXML.writeElement
+ (null, "displayname", XMLWriter.OPENING);
+ generatedXML.writeData(resourceName);
+ generatedXML.writeElement
+ (null, "displayname", XMLWriter.CLOSING);
} else if (property.equals("getcontentlanguage")) {
if (resourceInfo.collection) {
propertiesNotFound.addElement(property);