5f6996f1e3091d47af542c2437464bbc7e2e5b67 1588862 |
|
21-Apr-2014 |
jailletc36 |
Typo in comment |
057480777378361da24068b75e3cb07b95fd6ffd 1556428 |
|
08-Jan-2014 |
breser |
SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing leading spaces.
* modules/dav/main/util.c
(dav_xml_get_cdata): reduce len variable when increasing cdata pointer.
Submitted by: Amin Tora <Amin.Tora neustar.biz> |
89fc13eb43e6c78d3377e9ef0d79d343a138041b 1528718 |
|
03-Oct-2013 |
breser |
mod_dav: Fix PR 55306.
Makes mod_dav no longer require that the lock token be provided when the
source of a COPY is locked. The prior behavior was in violating of
RFC 4918 which says that the lock token is only required on resources
that may be modified by the method.
* modules/dav/main/mod_dav.h
(DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.
* modules/dav/main/mod_dav.c
(dav_method_copymove): Use the new flag when calling dav_validate_request()
on the COPY source.
* modules/dav/main/util.c
(dav_validate_resource_state): Use the flag to decide to ignore if the lock
token is not provided. |
f0d00d46501a748e59cf7e0ab04f493d33833818 1497588 |
|
28-Jun-2013 |
rjung |
Fix indentation (plus now needed line-wrap).
Followup to r1470940. |
28418cf4450c797588e74e91a3b22ed85f42423a 1477530 |
|
30-Apr-2013 |
minfrin |
mod_dav: Make sure the URI length is calculated correctly. |
1aac1c71105133d669960501bdf2274e63561054 1470940 |
|
23-Apr-2013 |
minfrin |
mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. PR 53910
Patch submitted by Timothy Wood <tjw omnigroup com>
Tested by William Lewis <wiml omnigroup com> |
691db92094897494d6c31326108da20088bc175e 1464241 |
|
04-Apr-2013 |
trawick |
mod_dav: Improve error handling in dav_method_put(), add new
dav_join_error() function.
PR: 54145
Submitted by: Ben Reser <ben reser.org>
Reviewed by: trawick |
4f71b58f8cd75489a8e7e6e710a016a73a911efc 1397320 |
|
11-Oct-2012 |
jailletc36 |
[Test] First try : remove extra ';' |
5bfaaf573bacb45c1cf290ce85ecc676587e8a64 1174751 |
|
23-Sep-2011 |
jim |
Cleanup effort in prep for GA push:
Trim trailing whitespace... no func change |
f8033d657a57eab45af44368774d8beb3e4f7f35 966348 |
|
21-Jul-2010 |
pquerna |
CVE-2010-1452: Fix handling of missing path segments in the parsed URI structure.
If a specially crafted request was sent, it is possible to crash mod_dav,
mod_cache or mod_session, as they accessed a field that is set to NULL
by the URI parser, assuming that it always put in a valid string.
PR: 49246
Submitted by: Mark Drayton
Patch by: Jeff Trawick |
99d46a23c6eac800f327b29f8009f7d7da986230 882274 |
|
19-Nov-2009 |
trawick |
Remove errno from dav_error interface. Calls to dav_new_error()
and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
Reviewed by: jorton |
d64231e66711504d8e33d594fc5c27ae86e7b629 607838 |
|
01-Jan-2008 |
rpluem |
* Avoid SEGFAULT as hooks->set_headers can be NULL. Furthermore do not set the
ETag header permanently as setting it may not be desired for all responses.
Submitted by: niq, rpluem |
5d760c4a4841be07965080c4cec527d8f5172ef5 607472 |
|
29-Dec-2007 |
rpluem |
* Style police. No functional changes. |
ef1ab47476366272bf32be1439057f972bfe86ed 607466 |
|
29-Dec-2007 |
niq |
mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals.
PR 38034
Patch by Paritosh Shah
Explanation by Werner Baumann |
842ae4bd224140319ae7feec1872b93dfd491143 420983 |
|
11-Jul-2006 |
fielding |
update license header text |
3d81f57512275ca06a60a9bcbd23c1f8b429fdf2 395228 |
|
19-Apr-2006 |
colm |
Update the copyright year in all .c, .h and .xml files |
e8f95a682820a599fe41b22977010636be5c2717 332306 |
|
10-Nov-2005 |
jim |
No functional Change: Removing trailing whitespace. This also
means that "blank" lines consisting of just spaces or
tabs are now really blank lines |
42f2b4b0e9b84dfd8acbb9c0da18a07c664e30a1 329562 |
|
30-Oct-2005 |
jorton |
Fix handling of unknown state tokens in If headers:
* modules/dav/main/mod_dav.h: Add dav_if_unknown to dav_if_state_type
enum.
* modules/dav/main/util.c (dav_add_if_state): Set returned type to
dav_if_unknown for an unknown state token.
(dav_validate_resource_state): Evaluate dav_if_unknown to fail
match unless in a Not condition.
PR: 37288 |
0206c121a68a63559b2e843288e81bcf16093e46 155345 |
|
25-Feb-2005 |
jerenkrantz |
* modules/dav/main/mod_dav.h: Wrap all public functions in
DAV_DECLARE or DAV_DECLARE_NONSTD.
* modules/dav/main/liveprop.c, modules/dav/main/props.c,
modules/dav/main/util_lock.c, modules/dav/main/mod_dav.c,
modules/dav/main/std_liveprop.c, modules/dav/main/util.c:
Update function definitions.
Submitted by: Branko ÄŒibej <brane xbc.nu>
Reviewed by: Justin Erenkrantz |
08cb74ca432a8c24e39f17dedce527e6a47b8001 151408 |
|
04-Feb-2005 |
jerenkrantz |
Update copyright year to 2005 and standardize on current copyright owner line. |
7b6ba9c468f26bdb3492d5e8cb79628a3b04e8c8 123882 |
|
02-Jan-2005 |
wrowe |
FINALLY Correct ap_http_method()! It is NOT a method, it's a SCHEME!
Bumped mmn, and ap module cookie, for this function rename.
It's not a deprecation, as ap_http_method would be a lovely function
name sometime in the future: to determine what the function name implies. |
0ebbfa1339c67b716f4ac8123a892d85962f100f 102958 |
|
14-Mar-2004 |
jorton |
Forward-port from mod_dav 1.0:
* modules/dav/main/util.c (dav_validate_resource_state): Fix a 2617
violation: if the lock user validation fails, rather than giving a 401
without a WWW-Authenticate header, give a 403. |
78cd48acd325773619d78ac0d7263a99a8922fae 102618 |
|
09-Feb-2004 |
nd |
fix name of The Apache Software Foundation |
71da3cca78eea6010f89b139ecadb79e6d213c4f 102523 |
|
06-Feb-2004 |
nd |
apply Apache License, version 2.0 |
26a4456dd6f1a5d7d7fff766551461a578687c4a 102135 |
|
01-Jan-2004 |
nd |
update license to 2004. |
c1b808d160bfb5c849263be8d4acff600853a328 101991 |
|
05-Dec-2003 |
trawick |
stop using apr_sockaddr_port_get() accessor function, as it will
disappear from APR 1.0 API shortly |
0df0055470838140d9797dd186b2fdbe67edcc57 101884 |
|
25-Nov-2003 |
jorton |
* modules/dav/main/util.c (dav_validate_resource_state): Simplify weak
etag comparison to avoid unnecessary tests and pstrdup calls. |
0fad1368edb71b1411d6d00684900e5d2a6e6b78 99524 |
|
22-Apr-2003 |
jerenkrantz |
Fix a typo in the weak entity check. The prefix is W/" not "W/. |
33bdcae1f7a1a65e351dda2a766a0cf28b1e695d 98573 |
|
03-Feb-2003 |
nd |
finished that boring job:
update license to 2003.
Happy New Year! ;-)) |
f62725f6fe5ce1c46f836cc47c121b2046b97fb7 98557 |
|
31-Jan-2003 |
trawick |
fix misuse of const in a recent commit
warnings with recent gcc
compile break with native compiler for AIX |
3ded62d7f2c9b12616d718b8c97d3044baa9ecdb 98536 |
|
29-Jan-2003 |
jerenkrantz |
Allow mod_dav to do weak entity comparison function rather than a strong
entity comparison function. (i.e. it will optionally strip the W/ prefix.)
PR: 14921 (kinda, but not really) |
5a8f3bcf803321e69b226d3b98314305a68a586c 98524 |
|
29-Jan-2003 |
jerenkrantz |
Fix If header parsing when a non-mod_dav lock token is passed to it. We'll
now just skip over it rather than aborting.
PR: 16452 |
cdcb6937fbc9f4283e1783a0d43b62e9e8ad08d3 98187 |
|
07-Jan-2003 |
gstein |
When unlocking, the auto-checkin code does not need to refer to the
parent resource. We want to (possibly) check in only the resource
identified by the params.
Bug found by David Waite <mass@akuma.org> |
6f15570e3adc0faf87bf55f70857028276fc9e32 97342 |
|
29-Oct-2002 |
wrowe |
Detabbify. With extreme prejudice. |
58fd79b56eb624bf011772994e9761d3c2e228c1 95993 |
|
10-Jul-2002 |
orlikowski |
Continue the Bill Rowe apr_size_t crusade. |
24efed0910118b762a4eb84830875d4714b8d315 95966 |
|
06-Jul-2002 |
ianh |
Renames Pending:
This clears the list of renames pending in apr-util.
Parts of this list was alreadu done, but the pending list hadn't been updated.
apr_hook_debug_current from apr_current_hooking_module
apr_hook_debug_show from apr_show_hook
apr_hook_global_pool from apr_global_hook_pool
apr_hook_sort_all from apr_sort_hooks
apr_uri_port_of_scheme from apr_uri_default_port_for_scheme
apr_uri_unparse from apr_uri_unparse_components
apr_uri_parse from apr_uri_parse_components
apr_uri_parse_hostinfo from apr_uri_parse_hostinfo_components
apr_uri_t from apr_uri_components
All APR_URI_* from all APU_URI_* symbols
All APR_UNP_* from all UNP_* symbols
PR:
Obtained from:
Submitted by: Thom May
Reviewed by: |
0946f90438dcf29a5fe5d9e21559b3b9d640bc12 95862 |
|
23-Jun-2002 |
wrowe |
The real pain. ap->apr xml and text types. |
bc8fd1b0b1afdf89b8d28eefa8cd74e26ba97986 93918 |
|
13-Mar-2002 |
fielding |
Update our copyright for this year. |
5b03ba47ff7225cacb131f14b019332af27da960 93651 |
|
01-Mar-2002 |
gstein |
Give mod_dav the ability to output both standard and customized
<D:error> responses. It's crucial for marshalling svn error messages
back over to the client; and someday it will be needed to return
specific <DAV:> errors as dictated by the DeltaV spec.
* mod_dav.h (dav_error): add two new fields -- an optional error
namespace, and an error-tag-name. Remove the 'delayed computation'
function and cxt ptrs in this struct; they were never used.
(dav_new_error_tag): new alternative constructor that takes new
fields.
* util.c (dav_new_error_tag): implement constructor.
* mod_dav.c (dav_error_response_tag): new function to output
'standard' xml error response based on error struct.
(dav_handle_err): if no multistatus response is passed in, and if an
error-tag is defined, then call our new xml-output routine.
Submitted by: Ben Collins-Sussman <sussman@collab.net> |
77c2148c53e0a4a20a80af735caa4e0e6bd448e0 92971 |
|
22-Jan-2002 |
gstein |
dav_xml_get_cdata() is an exported function, so mark it as such with
the DAV_DECLARE macro. [ Barry Pederson <barryp@yahoo.com> ]
Apache's handling of ports is broken. Temporarily disable the port
checking in the Destination: header. [ Greg Stein ] |
6810bf1570bed88d16239b27ce47d48408bb2e51 91063 |
|
18-Sep-2001 |
gstein |
Need to store the pool into the xmlns structure. |
b5989e567e4fac5b3ab1252024ae19b0a54893a7 91004 |
|
11-Sep-2001 |
gstein |
Add an opaque datatype for managing a set of XML namespace declarations.
Part of an upcoming propdb API improvement. |
8b99f2a316c5e2fa6ab208206fdd7fc2bfc4a921 90361 |
|
19-Aug-2001 |
dougm |
adjust to apr_uri_ rename |
ab5dc1422ca0de9fdbfe827a0610b43512f47327 90359 |
|
19-Aug-2001 |
dougm |
adjust to UNP_ -> APR_URI_UNP_ rename |
864c5615d55b8ebbde24e72043f6325741335a74 89198 |
|
22-May-2001 |
fielding |
Moved util_uri to apr-util/uri/apr_uri, which means adding the apr_
prefix to all of the uri functions (yuck), changing some includes,
and using APR error codes instead of HTTP-specific error codes.
Other notes to test this patch:
- You need to delete the util_uri.h file - exports picks up on this.
- I'd like to remove the apr_uri.h from httpd.h, but that might
increase the complexity of this patch even further. Once this patch
is accepted (in some form), then I can focus on removing apr_uri.h
from httpd.h entirely. I need baby steps (heh) right now.
- I imagine that this might break a bunch of stuff in Win32 or other OS
builds with foreign dependency files. Any help here is appreciated.
This is a start... -- justin
Submitted by: Justin Erenkrantz
Reviewed by: Roy Fielding |
1e2133fe37e6cbcd683233057ef62236bc8e5826 88968 |
|
01-May-2001 |
trawick |
Initialize a local variable to prevent a gcc warning about
possible use before set. The code was fine but it is best
to keep gcc quiet lest we stop paying attention. |
ab78b55c6dc4431d2c68d6bb4d169ba1554290a8 88943 |
|
27-Apr-2001 |
gstein |
fast-path some cases, primarily to avoid an allocation when it isn't needed.
for a "nice" piece of cdata which is in one chunk, this can usually avoid an
allocation. |
48f35e10f195dd594d75738fc536bb885eda537c 88876 |
|
17-Apr-2001 |
gstein |
allow non-absolute URIs to occur in some of the requests. RFC 2518 states
that the Destination: header (used in MOVE/COPY) must be an absolute URI, so
it keeps that constraint. |
4d0b0b6d8341c5e54b2081665fc91b4e4f781753 88856 |
|
14-Apr-2001 |
gstein |
Fix up the auto-versioning stuff. The new scheme more closely matches the
intent of DeltaV draft 14, simplifying some previous assumptions.
Includes some heavy fixes to MOVE/COPY in a versioning world.
Fix to CHECKOUT when a working resource is not created (checkout in place)
Submitted by: John Vasta <jvasta@rational.com> |
5cf4c8eb61be2982ebe7947d61a36696b6ac432d 88762 |
|
08-Apr-2001 |
orlikowski |
Backing my earlier change out; There exists the possibility for
ap_parse_uri_components to not fill in the port field in certain cases,
i.e. wherein the uri begins with / |
313c284b8ad24b5119cca6dd6e08eb330f3f63a7 88718 |
|
04-Apr-2001 |
orlikowski |
Since ap_parse_uri_components() now guarantees port will be filled in,
this is no longer needed in dav. |
d0b8a620f3625f57ff85d9b94fa549c8cfdc5934 88599 |
|
28-Mar-2001 |
gstein |
Patch to sync with some changes to mod_dav 1.1:
*) revamp the set_target stuff -- latest draft calls this UPDATE
*) update the CHECKIN method handling
*) liveprop providers can catch/define "core" properties before the core
gets a chance.
Submitted by: John Vasta <jvasta@rational.com>
Reviewed by: Greg Stein |
f80b9e9d38dff8bc3f51406475adb99d7fe888ce 88508 |
|
13-Mar-2001 |
gstein |
*) mod_dav.c: allow PUT to a WORKING resource (this actually the only valid
place to do a PUT(!))
*) util.c: add a comment. allow validation to proceed without a lock
database (the rest of the code supported it; one erroneous check disabled
that work)
*) util_lock.c: allow dav_unlock() to be a no-op when a lock provide isn't
present; this allows DELETE to work. |
952023a04a2f9d51553babd9094fb857f1c97548 88304 |
|
24-Feb-2001 |
trawick |
include apr_lib.h for apr_isspace() definition |
b99dbaab171d91e1b664397cc40e039d0c087c65 88184 |
|
16-Feb-2001 |
fielding |
Update copyright to 2001 |
1b21d7b3d97def358b2e923655edeb16613a1c31 88060 |
|
10-Feb-2001 |
gstein |
Clean up some of the includes:
- explicitly include apr_lib.h since ap_config.h doesn't
- use apr_want.h where possible
- use APR_HAVE_ where possible
- remove some unneeded includes |
066877f1a045103acfdd376d48cdd473c33f409b 88019 |
|
08-Feb-2001 |
dougm |
renaming various functions for consistency sake
see: http://apr.apache.org/~dougm/apr_rename.pl
PR:
Obtained from:
Submitted by:
Reviewed by: |
f39230a531b23d94f86a087963299bbe2e431a4a 88007 |
|
07-Feb-2001 |
gstein |
Revamp the CHECKOUT method handling and various support functions for it.
Basically, the original CHECKOUT was based on a really old draft of the
DeltaV specification. This brings it up to date.
*) get_resource hook now takes an optional label name and/or a flag on
whether to use the DAV:checked-in property; if either one is provided,
then a version resource is looked up and returned.
WARNING: the parameter types are now the same, but have very different
semantics. this means you won't get a compile error to figure
out that something needs to be changed here.
*) mod_dav.c::dav_get_resource no longer cahces the fetched resource in the
request userdata. Some requests will call this function multiple times,
for different resources -- we don't want to keep returning the same
resource (no idea how this ended up working).
*) dav_get_resource()'s parameters have been updated. target_allowed is old
terminology; it is now label_allowed. The target paramter is obsoleted by
the simple use_checked_in flag.
*) dav_get_target_selector() is obsolete. XML element processing is done
within the CHECKOUT method (i.e. only where it occurs). The other half of
the old function was to simply fetch the Label: header.
*) DAV_TARGET_SELECTOR_HDR is now DAV_LABEL_HDR
*) dav_method_checkout() now processes all the various options for a
CHECKOUT method and either modifies the initial resource lookup, or
passes the data to the checkout hook function.
*) the checkout hook grew a bunch of new parameters
*) new utility function: dav_xml_get_cdata() to gather up all the CDATA from
an XML element. this is used to extract DAV:href values.
(probably move to util_xml.c at some point) |
866b521be8a30b2798ad3c3b73de5e965edd7c2f 87852 |
|
26-Jan-2001 |
gstein |
Provide a way to allow get_resource and get_parent_resource to return errors
that might occur during the parsing of the URI and/or the lookup of the
resource in the repository.
Specifically: return a dav_error* and move the returned dav_resource* to an
"out" parameter of the hook function. |
91644a5f4d3e992dc208304b50e80bbb236fca89 87342 |
|
14-Dec-2000 |
trawick |
The local_addr and remote_addr fields in the conn_rec are now
apr_sockaddr_t * instead of sockaddr_in. This is a small step
towards IPv6 support. |
f958dac1550254a59b45f4655138bb34dad5e76e 87072 |
|
23-Nov-2000 |
gstein |
*) fix subtle crasher in COPY method
*) update sub-request-creation calls to include new "next filter" arg |
7281ea331999debdc337b02ce37a3169e0e033a2 86972 |
|
15-Nov-2000 |
gstein |
Apply a patch from John Vasta for adding (some/more) DeltaV support to
mod_dav. The patch applied and compiled cleanly, so I'm committing. Any
necessary changes from a review will come later, so that we can easily track
what needed to change (and can be back-ported to mod_dav 1.1).
Submitted by: John Vasta <jvasta@rational.com> |
f94aab38f6ee899f463f0118ea395291f7c5b4ce 86887 |
|
09-Nov-2000 |
gstein |
final round of walker cleanup: fix the provider API to match what is Right. |
52c1d304b1bd8e05da40a7cded2ecb9f0ba614c5 86884 |
|
09-Nov-2000 |
gstein |
first round whack at cleaning up the walker interface |
98e9c4a310bb623ff788680f88b6bd200ff36a24 86542 |
|
11-Oct-2000 |
wrowe |
Here it is, mod_dav should build quite nicely on Win32 (two last mild
warnings to contend with.) |
83719c22db4a6d0575bb4f7f34382d7b185a6f74 86424 |
|
07-Oct-2000 |
gstein |
forward-port John Vasta's checkin to mod_dav 1.1.x (on Sep 25, 2000). this
begins some work to upgrade the versioning support to some of the more
recent drafts.
- get_resource hook has new params
- create_collection hook no longer takes a pool
- new dav_auto_version_info structure to group up autoversion
rollback/commit handling data
- new functions for getting workspace, target-selector, etc
- supportedlock hook now takes the resource in question (since different
resources may have different locks)
- new resource types; tweaks in props.c to support them
- some tweaks with resource creation, Location header, etc. |
50bd75672ef114fb839dd9643c192b432fdf344c 86186 |
|
09-Sep-2000 |
gstein |
update the WebDAV versioning support:
- recognize and dispatch the latest set of DeltaV methods
- refine the CHECKOUT provider hook
- add avail_reports provider hook
- fix the "target" resolution mechanism |
8a46775d163c06a8c51d1b0a3f2edfde945cb1d8 86029 |
|
08-Aug-2000 |
stoddard |
Updated patch to fix compile warnings from not including apr_strings.h
Submitted by: Joe Orton <joe@orton.demon.co.uk>
Reviewed by: Bill Stoddard |
1ccd992d37d62c8cb2056126f2234f64ec189bfd 85976 |
|
02-Aug-2000 |
dougm |
prefix libapr functions and types with apr_ |
a1de70bda57b72d8cc6b47ea744e0973ed424f56 85878 |
|
25-Jul-2000 |
wrowe |
Add APR_EOL_STR for a platform specific text delimiter, provided by
apr.h (defined in apr.h.in and apr.hw). This is needed -only- in APR
created files (true raw files) such as logs. It is not required in any
splat to screen (stderr/stdout) formatting, nor any html markup.
Some other modules slipped through in the prior apr_strings.h commit.
Sorry 'bout that.
PR:
Obtained from:
Submitted by:
Reviewed by: |
252e2478cb56afb5ca8585b50bc2ffb780d2efb6 85761 |
|
04-Jul-2000 |
gstein |
Joe Orton writes:
This updates mod_dav for the util_xml changes posted previously:
* dav_xml -> ap_xml, and dav_text -> ap_text renaming
* Add 'dav_elem_private' to hook mod_dav-specific info up to the
parsed XML tree. Initialize this in several places, I think I got
all necessary? [gjs: yes, you did]
* Removal of the old "gross_hack", and all the XML code that was
moved into util_xml
Submitted by: Joe Orton <joe@orton.demon.co.uk>
Reviewed by: Greg Stein |
26250b0077972bf21b6d8a8d23772a4cf53f9477 85751 |
|
03-Jul-2000 |
gstein |
misc const cleanups and others issues found using maintainer-mode
(initial errors found by Ryan Bloom).
also switch to use new command table initializer macros. |
f5ec9b038bb9db933072ba2c0a8e7bb2a3cedbda 85720 |
|
28-Jun-2000 |
gstein |
get the DAV stuff to compile for Apache 2.0. some unpleasantries are in
there, but it *does* compile. |
b0fb330a8581c8bfab5e523084f9f39264a52b12 85718 |
|
28-Jun-2000 |
gstein |
first, obvious step: alter the license/copyright on all mod_dav files. |
f4c310fd2555c6faca1f980f00b161eadb089023 85717 |
|
28-Jun-2000 |
gstein |
initial checkin of the new Apache DAV code. this is a pristine copy of
mod_dav 1.0.1 (tag "V1_0_1" in the mod_dav CVS repository).
For historical information about these files, see the (old) mod_dav web
site at http://www.webdav.org/mod_dav/. CVS repository information can
be located from those pages. |