Bug#409371: zope WebDAV service chokes on nested resources with
id's containing whitespace
vincent kraeutler
vincent at kraeutler.net
Fri Feb 2 14:31:33 CET 2007
Package: zope2.7
Version: 2.7.5-2sarge3
Severity: important
Tags: patch
-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.19-vs2.2.0-rc2
Locale: LANG=de_BE at euro, LC_CTYPE=de_BE at euro (charmap=ISO-8859-15)
Versions of packages zope2.7 depends on:
ii adduser 3.63 Add and remove users and groups
ii debconf 1.4.30.13 Debian configuration management sy
ii dpkg 1.10.28 Package maintenance system for Deb
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii python2.3 2.3.5-3sarge2 An interactive high-level object-o
ii python2.3-xml 0.8.4-1 XML tools for Python (2.3.x)
-- debconf information:
zope/upgrade/2.7:
* zope/tips/2.7:
* zope/tips/standalone_install:
zope/instance_home/move: true
* shared/zope/restart: end
PROBLEM DESCRIPTION:
when connecting to a zope2.7 instance via WebDAV, resources containing
whitespace may be inaccessible.
STEPS TO REPRODUCE:
1. Connect to zope instance via WebDAV. In my case, this would be by using
Mac OS X's builtin WebDAV client ("Connect to Server", or Command-K).
2. Create resource containing whitespace in file name. In my case, this
would be by "File->Create New Folder", or Shift-Command-N. This will
create a resource called "untitled folder" which shows up in the finder.
3. change directory to that resource.
4. Repeat step 2. I.e. type Shift-Command-N. This will create a new
resource called "untitled folder" which does NOT show up in the finder.
It does, however, show up in the zope management screen.
BUG DESCRIPTION:
Running a PROPFIND (depth > 0) in a resource fails to quote the child
id. The following is a relevant excerpt from a conversation of the finder WebDAV
client with a zope2.7 instance. Note how in the second response the URL
of the resource is not properly quoted:
PROPFIND /data/untitled%20folder/ HTTP/1.1^M
User-Agent: WebDAVFS/1.4.1 (01418000) Darwin/8.8.1 (i386)^M
Accept: */*^M
Content-Type: text/xml^M
Depth: 1^M
Authorization: Basic XXXX
Content-Length: 232^M
Connection: keep-alive^M
Host: www.test.com^M
^M
<?xml version="1.0" encoding="utf-8"?>
<D:propfind xmlns:D="DAV:">
<D:prop xmlns:A="http://www.apple.com/webdav_fs/props/">
<D:getlastmodified/>
<D:getcontentlength/>
<D:resourcetype/>
<A:appledoubleheader/>
</D:prop>
</D:propfind>
HTTP/1.1 207 Multi-Status^M
Server: Zope/(Zope 2.7.5-final, python 2.3.5, linux2) ZServer/1.1^M
Date: Fri, 02 Feb 2007 12:44:34 GMT^M
Date: Fri, 02 Feb 2007 12:44:33 GMT^M
Connection: close^M
Content-Type: text/xml; charset="utf-8"^M
Content-Length: 2755^M
^M
<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:">
<d:response>
<d:href>/data/untitled%20folder/</d:href>
<d:propstat>
[...]
<d:response>
<d:href>/data/untitled%20folder/untitled folder/</d:href>
<d:propstat>
**************
[...]
SUGGESTED FIX:
In /usr/lib/zope2.7/lib/python/webdav/davcmds.py, line 164:
Replace:
uri=os.path.join(url, absattr(ob.id))
with:
uri=os.path.join(url, quote(absattr(ob.id)))
More information about the pkg-zope-developers
mailing list