From: markt Date: Thu, 11 Nov 2010 11:49:51 +0000 (+0000) Subject: Restore the ability (via an option) to edit the contents of WEB-INF and META-INF... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=8d024c55dc43f07d5243f53bf0197b2246592d88;p=tomcat7.0 Restore the ability (via an option) to edit the contents of WEB-INF and META-INF via WebDAV git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1033897 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index 39a297f8d..29a3e5dc0 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -111,9 +111,18 @@ import org.xml.sax.SAXException; * <url-pattern>/webdavedit/*</url-pattern> * </servlet-mapping> * - * Don't forget to secure access appropriately to the editing URLs. With this - * configuration the context will be accessible to normal users as before. Those - * users with the necessary access will be able to edit content available via + * By default access to /WEB-INF and META-INF are not available via WebDAV. To + * enable access to these URLs, use add: + * 
+ *  <init-param>
+ *    <param-name>allowSpecialPaths</param-name>
+ *    <param-value>true</param-value>
+ *  </init-param>
+ *
+ * Don't forget to secure access appropriately to the editing URLs, especially + * if allowSpecialPaths is used. With the mapping configuration above, the + * context will be accessible to normal users as before. Those users with the + * necessary access will be able to edit content available via * http://host:port/context/content using * http://host:port/context/webdavedit/content * @@ -258,6 +267,13 @@ public class WebdavServlet private int maxDepth = 3; + /** + * Is access allowed via WebDAV to the special paths (/WEB-INF and + * /META-INF)? + */ + private boolean allowSpecialPaths = false; + + // --------------------------------------------------------- Public Methods @@ -277,6 +293,10 @@ public class WebdavServlet maxDepth = Integer.parseInt( getServletConfig().getInitParameter("maxDepth")); + if (getServletConfig().getInitParameter("allowSpecialPaths") != null) + allowSpecialPaths = Boolean.parseBoolean( + getServletConfig().getInitParameter("allowSpecialPaths")); + // Load the MD5 helper used to calculate signatures. try { md5Helper = MessageDigest.getInstance("MD5"); @@ -365,10 +385,10 @@ public class WebdavServlet * @param path the full path of the resource being accessed * @return true if the resource specified is under a special path */ - private static final boolean isSpecialPath(final String path) { - // FIXME: why isn't this just equalsIgnoreCase? - return path.toUpperCase(Locale.ENGLISH).startsWith("/WEB-INF") - || path.toUpperCase(Locale.ENGLISH).startsWith("/META-INF"); + private final boolean isSpecialPath(final String path) { + return !allowSpecialPaths && ( + path.toUpperCase(Locale.ENGLISH).startsWith("/WEB-INF") || + path.toUpperCase(Locale.ENGLISH).startsWith("/META-INF")); }