[ https://issues.apache.org/jira/browse/SLING-3203?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bertrand Delacretaz resolved SLING-3203.
----------------------------------------

       Resolution: Fixed
    Fix Version/s: Servlets Post 2.3.4
         Assignee: Bertrand Delacretaz

Implemented in http://svn.apache.org/r1560342 , with integration test.

POST :delete now returns 403 with a descriptive message if the request includes 
selectors, extension or suffix.

All integration tests pass.

> Post servlet's delete operation deletes parent of nonexisting node
> ------------------------------------------------------------------
>
>                 Key: SLING-3203
>                 URL: https://issues.apache.org/jira/browse/SLING-3203
>             Project: Sling
>          Issue Type: Bug
>          Components: Servlets
>    Affects Versions: Servlets Post 2.3.2
>            Reporter: Bertrand Delacretaz
>            Assignee: Bertrand Delacretaz
>             Fix For: Servlets Post 2.3.4
>
>         Attachments: SLING-3203.patch
>
>
> In the below scenario, /tmp/test is gone after the delete operation - the 
> resource resolver goes up the path of the nonexisting node, and it's 
> /tmp/test that's provided to the DeleteOperation.
> I think we should change this (maybe with a backwards compatibility switch), 
> as it's clear that the user's intention in this case is not to delete 
> /tmp/test. Maybe just reject :delete operations if the request has any 
> selector or extensions.
> curl -u admin:admin -X POST http://localhost:8080/tmp/test/some.node
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # looks good
> curl -u admin:admin -F:operation=delete http://localhost:8080/tmp/test.other/nothing
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # 404



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
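
Added example, not part of the original message and not Sling's code: a simplified Python model of the path decomposition described in the issue. It shows why the delete lands on /tmp/test and how rejecting requests that carry selectors, an extension or a suffix prevents it. The function names, the resolution order and the 200 status are assumptions of this model.

```python
# Simplified model of the behaviour reported in SLING-3203 (not Sling's code).

def decompose(path, existing):
    """Return (resource, selectors, extension, suffix) for a request path.

    Assumed order: try the full path, then cut at each dot from the right
    until an existing resource matches; the remainder becomes path info.
    """
    candidate = path
    while candidate not in existing:
        dot = candidate.rfind(".")
        if dot == -1:
            return path, [], None, None      # non-existing, no path info
        candidate = candidate[:dot]
    rest = path[len(candidate):]             # "" or e.g. ".other/nothing"
    slash = rest.find("/")
    dotted, suffix = (rest[1:], None) if slash == -1 else (rest[1:slash], rest[slash:])
    tokens = [t for t in dotted.split(".") if t]
    extension = tokens.pop() if tokens else None
    return candidate, tokens, extension, suffix


def post_delete(path, store, reject_path_info):
    """Apply :operation=delete; return (status, removed paths)."""
    resource, selectors, extension, suffix = decompose(path, store)
    if reject_path_info and (selectors or extension or suffix):
        return 403, []                       # behaviour after the fix
    removed = sorted(p for p in store
                     if p == resource or p.startswith(resource + "/"))
    store.difference_update(removed)
    return 200, removed                      # 200 is a placeholder status


def demo():
    # Constructed repository content matching the curl scenario.
    content = {"/tmp", "/tmp/test", "/tmp/test/some.node"}
    before = post_delete("/tmp/test.other/nothing", set(content), False)
    after = post_delete("/tmp/test.other/nothing", set(content), True)
    return before, after


if __name__ == "__main__":
    print(demo())
```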
