mod_dav: Fix PR 55306.
Makes mod_dav no longer require that the lock token be provided when the
source of a COPY is locked. The prior behavior was in violating of
RFC 4918 which says that the lock token is only required on resources
that may be modified by the method.
* modules/dav/main/mod_dav.h
(DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.
* modules/dav/main/mod_dav.c
(dav_method_copymove): Use the new flag when calling dav_validate_request()
on the COPY source.
* modules/dav/main/util.c
(dav_validate_resource_state): Use the flag to decide to ignore if the lock
token is not provided.
Submitted by: breser
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1533447 13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.4.7
+ *) mod_dav: Don't require lock tokens for COPY source. PR 55306.
+
*) core: Don't truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. PR 55643. [Jeff Trawick]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_dav: Fix 55306. Don't require lock tokens for COPY source.
- trunk patches: https://svn.apache.org/r1528718
- 2.4.x: trunk works, CHANGES needs to be written when merging
- +1: breser, minfrin, jim
* mod_dav: Fix 55397. dav_resource->uri treated as unencoded. This was an
unnecessary ABI changed introduced in 2.4.6.
if ((err = dav_validate_request(r, resource, depth, NULL,
&multi_response,
(is_move ? DAV_VALIDATE_PARENT
- : DAV_VALIDATE_RESOURCE)
+ : DAV_VALIDATE_RESOURCE
+ | DAV_VALIDATE_NO_MODIFY)
| DAV_VALIDATE_USE_424,
NULL)) != NULL) {
err = dav_push_error(r->pool, err->status, 0,
the 424 DAV:response */
#define DAV_VALIDATE_USE_424 0x0080 /* return 424 status, not 207 */
#define DAV_VALIDATE_IS_PARENT 0x0100 /* for internal use */
+#define DAV_VALIDATE_NO_MODIFY 0x0200 /* resource is not being modified
+ so allow even if lock token
+ is not provided */
/* Lock-null related public lock functions */
DAV_DECLARE(int) dav_get_resource_state(request_rec *r,
/*
** For methods other than LOCK:
**
- ** If we have no locks, then <seen_locktoken> can be set to true --
+ ** If we have no locks or if the resource is not being modified
+ ** (per RFC 4918 the lock token is not required on resources
+ ** we are not changing), then <seen_locktoken> can be set to true --
** pretending that we've already met the requirement of seeing one
** of the resource's locks in the If: header.
**
** Otherwise, it must be cleared and we'll look for one.
*/
- seen_locktoken = (lock_list == NULL);
+ seen_locktoken = (lock_list == NULL
+ || flags & DAV_VALIDATE_NO_MODIFY);
}
/*
projects / apache / commitdiff