[CalendarServer-changes] [8370] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Fri Dec 2 11:28:24 PST 2011
Revision: 8370
http://trac.macosforge.org/projects/calendarserver/changeset/8370
Author: cdaboo at apple.com
Date: 2011-12-02 11:28:24 -0800 (Fri, 02 Dec 2011)
Log Message:
-----------
Disable Depth:infinity PROPFINDs.
Modified Paths:
--------------
CalendarServer/trunk/twext/web2/dav/element/rfc2518.py
CalendarServer/trunk/twext/web2/dav/method/propfind.py
CalendarServer/trunk/twistedcaldav/method/propfind.py
CalendarServer/trunk/twistedcaldav/test/test_props.py
CalendarServer/trunk/twistedcaldav/test/test_schedule.py
Modified: CalendarServer/trunk/twext/web2/dav/element/rfc2518.py
===================================================================
--- CalendarServer/trunk/twext/web2/dav/element/rfc2518.py 2011-12-02 19:26:15 UTC (rev 8369)
+++ CalendarServer/trunk/twext/web2/dav/element/rfc2518.py 2011-12-02 19:28:24 UTC (rev 8370)
@@ -1,5 +1,5 @@
##
-# Copyright (c) 2005 Apple Computer, Inc. All rights reserved.
+# Copyright (c) 2005-2011 Apple Computer, Inc. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@@ -574,3 +574,11 @@
protected = True
allowed_children = { (dav_namespace, "lockentry"): (0, None) }
+
+# Pre-conditions codes defined in RFC4918
+
+class PropfindFiniteDepth (WebDAVEmptyElement):
+ """
+ Error which indicates Depth:infinity PROPFIND not allowed
+ """
+ name = "propfind-finite-depth"
Modified: CalendarServer/trunk/twext/web2/dav/method/propfind.py
===================================================================
--- CalendarServer/trunk/twext/web2/dav/method/propfind.py 2011-12-02 19:26:15 UTC (rev 8369)
+++ CalendarServer/trunk/twext/web2/dav/method/propfind.py 2011-12-02 19:28:24 UTC (rev 8370)
@@ -1,6 +1,6 @@
# -*- test-case-name: twext.web2.dav.test.test_prop.PROP.test_PROPFIND -*-
##
-# Copyright (c) 2005 Apple Computer, Inc. All rights reserved.
+# Copyright (c) 2005-2011 Apple Computer, Inc. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@@ -40,7 +40,8 @@
from twext.web2 import responsecode
from twext.web2.http import StatusResponse
from twext.web2.dav import davxml
-from twext.web2.dav.http import MultiStatusResponse, statusForFailure
+from twext.web2.dav.http import MultiStatusResponse, statusForFailure,\
+ ErrorResponse
from twext.web2.dav.util import normalizeURL, davXMLFromStream
log = Logger()
@@ -106,6 +107,10 @@
#
request_uri = request.uri
depth = request.headers.getHeader("depth", "infinity")
+
+ # By policy we will never allow a depth:infinity propfind
+ if depth == "infinity":
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, davxml.PropfindFiniteDepth()))
xml_responses = []
Modified: CalendarServer/trunk/twistedcaldav/method/propfind.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/method/propfind.py 2011-12-02 19:26:15 UTC (rev 8369)
+++ CalendarServer/trunk/twistedcaldav/method/propfind.py 2011-12-02 19:28:24 UTC (rev 8370)
@@ -1,6 +1,6 @@
# -*- test-case-name: twext.web2.dav.test.test_prop.PROP.test_PROPFIND -*-
##
-# Copyright (c) 2005-2008 Apple Computer, Inc. All rights reserved.
+# Copyright (c) 2005-2011 Apple Computer, Inc. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@@ -33,7 +33,8 @@
from twext.web2 import responsecode
from twext.web2.http import StatusResponse
from twext.web2.dav import davxml
-from twext.web2.dav.http import MultiStatusResponse, statusForFailure
+from twext.web2.dav.http import MultiStatusResponse, statusForFailure,\
+ ErrorResponse
from twext.web2.dav.util import normalizeURL, davXMLFromStream
from twext.python.log import Logger
@@ -103,6 +104,10 @@
request_uri = request.uri
depth = request.headers.getHeader("depth", "infinity")
+ # By policy we will never allow a depth:infinity propfind
+ if depth == "infinity":
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, davxml.PropfindFiniteDepth()))
+
xml_responses = []
# FIXME: take advantage of the new generative properties of findChildren
Modified: CalendarServer/trunk/twistedcaldav/test/test_props.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/test_props.py 2011-12-02 19:26:15 UTC (rev 8369)
+++ CalendarServer/trunk/twistedcaldav/test/test_props.py 2011-12-02 19:28:24 UTC (rev 8370)
@@ -1,5 +1,5 @@
##
-# Copyright (c) 2005-2007 Apple Inc. All rights reserved.
+# Copyright (c) 2005-2011 Apple Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@
import os
-from twext.web2 import responsecode
+from twext.web2 import responsecode, http_headers
from twext.web2.iweb import IResponse
from twext.web2.dav import davxml
from twext.web2.dav.util import davXMLFromStream
@@ -134,7 +134,12 @@
),
)
- request = SimpleRequest(self.site, "PROPFIND", calendar_uri)
+ request = SimpleRequest(
+ self.site,
+ "PROPFIND",
+ calendar_uri,
+ headers=http_headers.Headers({"Depth":"0"}),
+ )
request.stream = MemoryStream(query.toxml())
return self.send(request, propfind_cb)
@@ -200,7 +205,12 @@
davxml.AllProperties(),
)
- request = SimpleRequest(self.site, "PROPFIND", calendar_uri)
+ request = SimpleRequest(
+ self.site,
+ "PROPFIND",
+ calendar_uri,
+ headers=http_headers.Headers({"Depth":"0"}),
+ )
request.stream = MemoryStream(query.toxml())
return self.send(request, propfind_cb)
Modified: CalendarServer/trunk/twistedcaldav/test/test_schedule.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/test_schedule.py 2011-12-02 19:26:15 UTC (rev 8369)
+++ CalendarServer/trunk/twistedcaldav/test/test_schedule.py 2011-12-02 19:28:24 UTC (rev 8370)
@@ -14,7 +14,7 @@
# limitations under the License.
##
-from twext.web2 import responsecode
+from twext.web2 import responsecode, http_headers
from twext.web2.dav import davxml
from twext.web2.dav.util import davXMLFromStream
from twext.web2.http import HTTPError
@@ -79,7 +79,12 @@
),
)
- request = SimpleRequest(self.site, "PROPFIND", inbox_uri)
+ request = SimpleRequest(
+ self.site,
+ "PROPFIND",
+ inbox_uri,
+ headers=http_headers.Headers({"Depth":"0"}),
+ )
request.stream = MemoryStream(query.toxml())
return self.send(request, propfind_cb)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20111202/d4d658f7/attachment.html>
More information about the calendarserver-changes
mailing list