Restore the ability (via an option) to edit the contents of WEB-INF and META-INF...

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1033897 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java
index 39a297f..29a3e5d 100644 (file)
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -111,9 +111,18 @@ import org.xml.sax.SAXException;
  *    <url-pattern>/webdavedit/*</url-pattern>
  *  </servlet-mapping>
  * </pre>
- * Don't forget to secure access appropriately to the editing URLs. With this
- * configuration the context will be accessible to normal users as before. Those
- * users with the necessary access will be able to edit content available via
+ * By default access to /WEB-INF and META-INF are not available via WebDAV. To
+ * enable access to these URLs, use add:
+ * <pre>
+ *  &lt;init-param&gt;
+ *    &lt;param-name&gt;allowSpecialPaths&lt;/param-name&gt;
+ *    &lt;param-value&gt;true&lt;/param-value&gt;
+ *  &lt;/init-param&gt;
+ * </pre>
+ * Don't forget to secure access appropriately to the editing URLs, especially
+ * if allowSpecialPaths is used. With the mapping configuration above, the
+ * context will be accessible to normal users as before. Those users with the
+ * necessary access will be able to edit content available via
  * http://host:port/context/content using
  * http://host:port/context/webdavedit/content
  *
@@ -258,6 +267,13 @@ public class WebdavServlet
     private int maxDepth = 3;
 
 
+    /**
+     * Is access allowed via WebDAV to the special paths (/WEB-INF and
+     * /META-INF)? 
+     */
+    private boolean allowSpecialPaths = false;
+
+
     // --------------------------------------------------------- Public Methods
 
 
@@ -277,6 +293,10 @@ public class WebdavServlet
             maxDepth = Integer.parseInt(
                     getServletConfig().getInitParameter("maxDepth"));
 
+        if (getServletConfig().getInitParameter("allowSpecialPaths") != null)
+            allowSpecialPaths = Boolean.parseBoolean(
+                    getServletConfig().getInitParameter("allowSpecialPaths"));
+
         // Load the MD5 helper used to calculate signatures.
         try {
             md5Helper = MessageDigest.getInstance("MD5");
@@ -365,10 +385,10 @@ public class WebdavServlet
      * @param path the full path of the resource being accessed
      * @return <code>true</code> if the resource specified is under a special path
      */
-    private static final boolean isSpecialPath(final String path) {
-        // FIXME: why isn't this just equalsIgnoreCase?
-        return path.toUpperCase(Locale.ENGLISH).startsWith("/WEB-INF")
-            || path.toUpperCase(Locale.ENGLISH).startsWith("/META-INF");
+    private final boolean isSpecialPath(final String path) {
+        return !allowSpecialPaths && (
+                path.toUpperCase(Locale.ENGLISH).startsWith("/WEB-INF") ||
+                path.toUpperCase(Locale.ENGLISH).startsWith("/META-INF"));
     }