[Pkg-owncloud-commits] [php-sabredav] 60/66: Documentation tweaks for #398.
David Prévot
taffit at moszumanska.debian.org
Sat Jan 18 20:08:23 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository php-sabredav.
commit b6fb30cdb729c33f06a6b6673c1e0e238fa1cc98
Author: Evert Pot <evert at rooftopsolutions.nl>
Date: Mon Jan 13 17:08:15 2014 -0500
Documentation tweaks for #398.
---
ChangeLog | 2 ++
lib/Sabre/DAV/Server.php | 8 +++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index f4f6ff7..5c65ee7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@
* Fixed: Issue #178. Support for multiple items in the Timeout header.
* Fixed: Issue #382. Stricter checking if calendar-query is allowed to
run.
+ * Added: Depth: Infinity support for PROPFIND request. Thanks Thomas
+ Müller.
1.9.0-alpha1 (2013-11-07)
* The zip release ships with sabre/vobject 3.1.3, sabre/http 2.0.0alpha5,
diff --git a/lib/Sabre/DAV/Server.php b/lib/Sabre/DAV/Server.php
index 469c46e..b14bb65 100644
--- a/lib/Sabre/DAV/Server.php
+++ b/lib/Sabre/DAV/Server.php
@@ -159,7 +159,13 @@ class Server extends EventEmitter {
];
/**
- * This property allows the usage of depth INFINITY.
+ * This property allows the usage of Depth: infinity on PROPFIND requests.
+ *
+ * By default Depth: infinity is treated as Depth: 1. Allowing Depth:
+ * infinity is potentially risky, as it allows a single client to do a full
+ * index of the webdav server, which is an easy DoS attack vector.
+ *
+ * Only turn this on if you know what you're doing.
*
* @var bool
*/
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabredav.git
More information about the Pkg-owncloud-commits
mailing list