Author: markt
Date: Wed Feb 4 07:00:03 2009
New Revision: 740635
URL: http://svn.apache.org/viewvc?rev=740635&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46606
Max max depth limit configurable
Modified:
tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=740635&r1=740634&r2=740635&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java Wed Feb
4 07:00:03 2009
@@ -132,12 +132,6 @@
/**
- * Default depth is infite.
- */
- private static final int INFINITY = 3; // To limit tree browsing a bit
-
-
- /**
* PROPFIND - Specify a property mask.
*/
private static final int FIND_BY_PROPERTY = 0;
@@ -250,6 +244,13 @@
private String secret = "catalina";
+ /**
+ * Default depth in spec is infinite. Limit depth to 3 by default as
+ * infinite depth makes operations very expensive.
+ */
+ private int maxDepth = 3;
+
+
// --------------------------------------------------------- Public Methods
@@ -264,6 +265,10 @@
if (getServletConfig().getInitParameter("secret") != null)
secret = getServletConfig().getInitParameter("secret");
+ if (getServletConfig().getInitParameter("maxDepth") != null)
+ maxDepth = Integer.parseInt(
+ getServletConfig().getInitParameter("maxDepth"));
+
// Load the MD5 helper used to calculate signatures.
try {
md5Helper = MessageDigest.getInstance("MD5");
@@ -438,21 +443,21 @@
// Properties which are to be displayed.
Vector<String> properties = null;
// Propfind depth
- int depth = INFINITY;
+ int depth = maxDepth;
// Propfind type
int type = FIND_ALL_PROP;
String depthStr = req.getHeader("Depth");
if (depthStr == null) {
- depth = INFINITY;
+ depth = maxDepth;
} else {
if (depthStr.equals("0")) {
depth = 0;
} else if (depthStr.equals("1")) {
depth = 1;
} else if (depthStr.equals("infinity")) {
- depth = INFINITY;
+ depth = maxDepth;
}
}
@@ -878,12 +883,12 @@
String depthStr = req.getHeader("Depth");
if (depthStr == null) {
- lock.depth = INFINITY;
+ lock.depth = maxDepth;
} else {
if (depthStr.equals("0")) {
lock.depth = 0;
} else {
- lock.depth = INFINITY;
+ lock.depth = maxDepth;
}
}
@@ -1090,7 +1095,7 @@
md5Encoder.encode(md5Helper.digest(lockTokenStr.getBytes()));
if ( (exists) && (object instanceof DirContext) &&
- (lock.depth == INFINITY) ) {
+ (lock.depth == maxDepth) ) {
// Locking a collection (and all its member resources)
@@ -2731,7 +2736,7 @@
generatedXML.writeElement(null, "lockscope", XMLWriter.CLOSING);
generatedXML.writeElement(null, "depth", XMLWriter.OPENING);
- if (depth == INFINITY) {
+ if (depth == maxDepth) {
generatedXML.writeText("Infinity");
} else {
generatedXML.writeText("0");
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
