Bug 46606 - WebdavServlet
Summary: WebdavServlet
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL: http://svn.apache.org/repos/asf/tomca...
Keywords: RFC
Depends on:
Blocks:
 
Reported: 2009-01-26 07:18 UTC by Robert Jakob
Modified: 2009-02-12 06:57 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Jakob 2009-01-26 07:18:21 UTC
In the Webdav standard, there is a header option named "depth".
This header must be given when running a propfind webdav request.
The value may be greater 0 or the constant "infinity", i.e. the
whole file tree is requested.

In the WebdavServlet, INFINITY is set to 3, which unfortunately
does not correspond to the standard.

>>> CODE >>>
/**
 * Default depth is infite.
 */
private static final int INFINITY = 3; // To limit tree browsing a bit
<<< END OF CODE <<<

Perhaps this could be changed to a much higher value (e.g. maxint).

Below, there is a method named propfind, where the following code
can be found:

>>> CODE >>>
String depthStr = req.getHeader("Depth");

if (depthStr == null) {
  depth = INFINITY;
} else {
  if (depthStr.equals("0")) {
  depth = 0;
   } else if (depthStr.equals("1")) {
      depth = 1;
   } else if (depthStr.equals("infinity")) {
    depth = INFINITY;
  }
}
<<< END OF CODE <<<

Perhaps one should use an integer conversion function and in case
of an exception one could use infinity.

Hope this describes the problem good enough.
The same problem occurs in Tomcat 5.x, as well.
Comment 1 Mark Thomas 2009-02-03 23:06:46 UTC
The limit is in place to prevent what could be an expensive operation.

I have made this configurable with the default still set to 3.

This change has been made to trunk and proposed for 6.0.x and 5.5.x
Comment 2 Mark Thomas 2009-02-12 06:57:24 UTC
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.