GitLab Mirror pushed to branch 2.6 at cms-community / hippo-jackrabbit

Commits:
6970e263 by Julian Reschke at 2018-01-16T19:21:52+00:00
JCR-4165: jackrabbit-server doesn't handle content-codings properly (ported 
to 2.6)

Reject all requests with non-empty Content-Encoding header fields with status 
415.

git-svn-id: https://svn.apache.org/repos/asf/jackrabbit/branches/2.6@1821292 
13f79535-47bb-0310-9956-ffa450edef68

- - - - -


1 changed file:

- 
jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java


Changes:

=====================================
jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java
=====================================
--- 
a/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java
+++ 
b/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java
@@ -88,6 +88,8 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
 import java.util.List;
 
 /**
@@ -282,6 +284,17 @@ abstract public class AbstractWebdavServlet extends 
HttpServlet implements DavCo
                 return;
             }
 
+            // JCR-4165: reject any content-coding in request until we can
+            // support it (see JCR-4166)
+            List<String> ces = getContentCodings(request);
+            if (!ces.isEmpty()) {
+                
webdavResponse.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
+                webdavResponse.setHeader("Accept-Encoding", "identity");
+                webdavResponse.setContentType("text/plain; charset=UTF-8");
+                webdavResponse.getWriter().println("Content-Encodings not 
supported, but received: " + ces);
+                webdavResponse.getWriter().flush();
+            }
+
             // check matching if=header for lock-token relevant operations
             DavResource resource = 
getResourceFactory().createResource(webdavRequest.getRequestLocator(), 
webdavRequest, webdavResponse);
             if (!isPreconditionValid(webdavRequest, resource)) {
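Review bot: The new 415 branch writes and flushes the error response but never returns, so control falls through to `getResourceFactory().createResource(...)` and the precondition check below, unlike the branch just above it, which ends in `return;`. As far as this hunk shows, a request carrying a Content-Encoding would still be dispatched with its undecoded body after the 415 response has been committed, which defeats the rejection the commit message describes. Add `return;` directly after `webdavResponse.getWriter().flush();`. The enclosing method starts and ends outside the hunk, so it is worth confirming that nothing later relies on the response still being uncommitted.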
@@ -1389,4 +1402,21 @@ abstract public class AbstractWebdavServlet extends 
HttpServlet implements DavCo
     protected OutputContext getOutputContext(DavServletResponse response, 
OutputStream out) {
         return new OutputContextImpl(response, out);
     }
+
+    private List<String> getContentCodings(HttpServletRequest request) {
+        List<String> result = Collections.emptyList();
+        for (@SuppressWarnings("unchecked")
+        Enumeration<String> ceh = request.getHeaders("Content-Encoding"); 
ceh.hasMoreElements();) {
+            for (String h : ceh.nextElement().split(",")) {
+                if (!h.trim().isEmpty()) {
+                    if (result.isEmpty()) {
+                        result = new ArrayList<String>();
+                    }
+                    result.add(h.trim());
+                }
+            }
+        }
+
+        return result;
+    }
 }
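Review bot: `getContentCodings` has no Javadoc, and its contract matters because the caller echoes the result into the 415 response body. The tokens are returned trimmed but otherwise exactly as the client sent them, with no case-folding, length limit or token-syntax check. I would add a comment such as `/** Returns the trimmed, non-empty content-coding tokens from all Content-Encoding request header fields, unvalidated and as supplied by the client; empty list if none. */`. As a style point, `h.trim()` is evaluated twice per token; a local `String coding = h.trim();` would read more cleanly.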



View it on GitLab: 
https://code.onehippo.org/cms-community/hippo-jackrabbit/commit/6970e263cb7655252cab35d9e9b86c74833153f5
