Author: markt
Date: Wed Jun 3 22:05:39 2009
New Revision: 781601
URL: http://svn.apache.org/viewvc?rev=781601&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46606
Max max depth limit configurable
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java
tomcat/container/tc5.5.x/webapps/docs/changelog.xml
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java?rev=781601&r1=781600&r2=781601&view=diff
==============================================================================
---
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java
(original)
+++
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java
Wed Jun 3 22:05:39 2009
@@ -94,12 +94,6 @@
/**
- * Default depth is infinite.
- */
- private static final int INFINITY = 3; // To limit tree browsing a bit
-
-
- /**
* PROPFIND - Specify a property mask.
*/
private static final int FIND_BY_PROPERTY = 0;
@@ -210,6 +204,13 @@
private String secret = "catalina";
+ /**
+ * Default depth in spec is infinite. Limit depth to 3 by default as
+ * infinite depth makes operations very expensive.
+ */
+ private int maxDepth = 3;
+
+
// --------------------------------------------------------- Public Methods
@@ -232,6 +233,10 @@
}
+ if (getServletConfig().getInitParameter("maxDepth") != null)
+ maxDepth = Integer.parseInt(
+ getServletConfig().getInitParameter("maxDepth"));
+
// Load the MD5 helper used to calculate signatures.
try {
md5Helper = MessageDigest.getInstance("MD5");
@@ -407,21 +412,21 @@
// Properties which are to be displayed.
List properties = null;
// Propfind depth
- int depth = INFINITY;
+ int depth = maxDepth;
// Propfind type
int type = FIND_ALL_PROP;
String depthStr = req.getHeader("Depth");
if (depthStr == null) {
- depth = INFINITY;
+ depth = maxDepth;
} else {
if (depthStr.equals("0")) {
depth = 0;
} else if (depthStr.equals("1")) {
depth = 1;
} else if (depthStr.equals("infinity")) {
- depth = INFINITY;
+ depth = maxDepth;
}
}
@@ -844,12 +849,12 @@
String depthStr = req.getHeader("Depth");
if (depthStr == null) {
- lock.depth = INFINITY;
+ lock.depth = maxDepth;
} else {
if (depthStr.equals("0")) {
lock.depth = 0;
} else {
- lock.depth = INFINITY;
+ lock.depth = maxDepth;
}
}
@@ -1052,7 +1057,7 @@
md5Encoder.encode(md5Helper.digest(lockTokenStr.getBytes()));
if ( (exists) && (object instanceof DirContext) &&
- (lock.depth == INFINITY) ) {
+ (lock.depth == maxDepth) ) {
// Locking a collection (and all its member resources)
@@ -2726,7 +2731,7 @@
generatedXML.writeElement(null, "lockscope", XMLWriter.CLOSING);
generatedXML.writeElement(null, "depth", XMLWriter.OPENING);
- if (depth == INFINITY) {
+ if (depth == maxDepth) {
generatedXML.writeText("Infinity");
} else {
generatedXML.writeText("0");
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=781601&r1=781600&r2=781601&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Jun 3 22:05:39 2009
@@ -103,6 +103,10 @@
(markt)
</fix>
<fix>
+ <bug>46606</bug>: Make max depth limit for WebDAV servlet configurable.
+ (markt)
+ </fix>
+ <fix>
Improve handling of situation where web application tries to configure
logging at the context level but the security policy prevents this.
(markt/rjung)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
