[Pkg-owncloud-commits] [php-sabredav] 157/275: Now emitting 400 Bad Request upon PUT requests with Content-Range.
David Prévot
taffit at moszumanska.debian.org
Thu Sep 25 14:56:03 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository php-sabredav.
commit 031eb4b5a3f41ee97db4cf472a9118a31a1268e7
Author: Evert Pot <evert at rooftopsolutions.nl>
Date: Mon Aug 18 00:30:14 2014 -0400
Now emitting 400 Bad Request upon PUT requests with Content-Range.
---
ChangeLog.md | 2 ++
lib/DAV/CorePlugin.php | 29 +++++++----------------------
tests/Sabre/DAV/HttpPutTest.php | 2 +-
3 files changed, 10 insertions(+), 23 deletions(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 086650a..5dff4f6 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -17,6 +17,8 @@ ChangeLog
* Changed: Now return HTTP errors when an addressbook-query REPORT is done
on a uri that's not a vcard. This should help with debugging this common
mistake.
+* Changed: `PUT` requests with a `Content-Range` header now emit a 400 status
+ instead of 501, as per RFC7231.
2.0.4 (????-??-??)
------------------
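Review bot: the new ChangeLog entry cites RFC7231 without a section number. The code comment added in this same commit references section 4.3.4, so writing "as per RFC7231, section 4.3.4" here would let readers check the requirement directly.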
diff --git a/lib/DAV/CorePlugin.php b/lib/DAV/CorePlugin.php
index 446a98f..21e82eb 100644
--- a/lib/DAV/CorePlugin.php
+++ b/lib/DAV/CorePlugin.php
@@ -437,29 +437,14 @@ class CorePlugin extends ServerPlugin {
// Intercepting Content-Range
if ($request->getHeader('Content-Range')) {
/**
- Content-Range is dangerous for PUT requests: PUT per definition
- stores a full resource. draft-ietf-httpbis-p2-semantics-15 says
- in section 7.6:
- An origin server SHOULD reject any PUT request that contains a
- Content-Range header field, since it might be misinterpreted as
- partial content (or might be partial content that is being mistakenly
- PUT as a full representation). Partial content updates are possible
- by targeting a separately identified resource with state that
- overlaps a portion of the larger resource, or by using a different
- method that has been specifically defined for partial updates (for
- example, the PATCH method defined in [RFC5789]).
- This clarifies RFC2616 section 9.6:
- The recipient of the entity MUST NOT ignore any Content-*
- (e.g. Content-Range) headers that it does not understand or implement
- and MUST return a 501 (Not Implemented) response in such cases.
- OTOH is a PUT request with a Content-Range currently the only way to
- continue an aborted upload request and is supported by curl, mod_dav,
- Tomcat and others. Since some clients do use this feature which results
- in unexpected behaviour (cf PEAR::HTTP_WebDAV_Client 1.0.1), we reject
- all PUT requests with a Content-Range for now.
- */
+ An origin server that allows PUT on a given target resource MUST send
+ a 400 (Bad Request) response to a PUT request that contains a
+ Content-Range header field.
+
+ Reference: http://tools.ietf.org/html/rfc7231#section-4.3.4
- throw new Exception\NotImplemented('PUT with Content-Range is not allowed.');
+ */
+ throw new Exception\BadRequest('Content-Range on PUT requests are forbidden.');
}
// Intercepting the Finder problem
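Review bot: the message on the new `throw new Exception\BadRequest(...)` line has a subject-verb mismatch ("Content-Range on PUT requests are forbidden."); "PUT requests with a Content-Range header are not allowed." reads correctly. The rewritten comment also drops the rationale the removed text gave: a body sent with Content-Range might be partial content mistakenly stored as a full representation, and some clients send it to resume an aborted upload. Keeping one sentence of that reason, together with the removed pointer to PATCH for partial updates, would tell the next maintainer why the request is rejected rather than honoured.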
diff --git a/tests/Sabre/DAV/HttpPutTest.php b/tests/Sabre/DAV/HttpPutTest.php
index 874c028..cf15b23 100644
--- a/tests/Sabre/DAV/HttpPutTest.php
+++ b/tests/Sabre/DAV/HttpPutTest.php
@@ -162,7 +162,7 @@ class HttpPutTest extends DAVServerTest {
);
$response = $this->request($request);
- $this->assertEquals(501, $response->getStatus());
+ $this->assertEquals(400, $response->getStatus());
}
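Review bot: the changed assertion checks only the status code. If the rest of this test does not already do so, also assert that the target resource was left unchanged, so a regression that writes the partial body while still answering 400 would be caught.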
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabredav.git