Bug 30982 - possible DELETE on a resource LOCKed by another user
Status: RESOLVED FIXED
Alias: None
Product: Slide
Classification: Unclassified
Component: WebDAV Server
Version: 2.1
Hardware: All All
Importance: P3 major
Target Milestone: ---
Assignee: Slide Developer List
Reported: 2004-09-01 07:44 UTC by Stefan L
Modified: 2004-11-16 19:05 UTC

Description Stefan L 2004-09-01 07:44:55 UTC
Currently it is possible for a user that does not own a given lock to 
delete a resource if he provides the "stolen" locktoken in the If header.

E.g. in the following scenario:

user A LOCK /any/resource
user B PROPFIND /any/resource (retrieves the locktoken)
user B DELETE /any/resource

I think that's a bug. If nobody contradicts, I'll try to fix this ASAP.
Comment 1 Stefan L 2004-09-03 14:49:29 UTC
Added a testcase under /functional/lock/mix/nonOwnerUsesLocktoken to reproduce.
Fixed in LockImpl.
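
The check this report calls for, as an added Python example (not Slide's LockImpl code): a token-only check beside an owner-bound one, run against the scenario from the description. RFC 2518 states that a lock token confers no access rights by itself, since anyone can read it through lock discovery. The lock table, function names, token value and the choice of 423 for a non-owner are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Lock:
    token: str   # lock token handed out by LOCK
    owner: str   # authenticated principal that created the lock

# Constructed lock table: user A holds the lock on /any/resource.
LOCKS = {"/any/resource": Lock("opaquelocktoken:constructed-0001", "userA")}

def tokens_from_if_header(if_header):
    """Return state tokens submitted in an If header.

    Only <...> entries inside parenthesised lists count; the optional
    resource tag outside the parentheses, ["etag"] entries and tokens
    negated with Not are ignored.
    """
    tokens = []
    for cond_list in re.findall(r"\(([^)]*)\)", if_header or ""):
        for negated, token in re.findall(r"(Not\s+)?<([^>]+)>", cond_list):
            if not negated:
                tokens.append(token)
    return tokens

def delete_status_token_only(path, user, if_header):
    """Behaviour described in the report: possession of the token suffices."""
    lock = LOCKS.get(path)
    if lock is None or lock.token in tokens_from_if_header(if_header):
        return 204          # 'user' is never consulted
    return 423

def delete_status_owner_bound(path, user, if_header):
    """Token must be submitted AND the requester must own the lock."""
    lock = LOCKS.get(path)
    if lock is None:
        return 204
    if lock.token not in tokens_from_if_header(if_header):
        return 423          # Locked: no valid token submitted
    if user != lock.owner:
        return 423          # Locked: token known, but requester is not the owner
    return 204

if __name__ == "__main__":
    discovered = "(<opaquelocktoken:constructed-0001>)"  # as read via PROPFIND
    for check in (delete_status_token_only, delete_status_owner_bound):
        print(check.__name__, check("/any/resource", "userB", discovered))
```
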