arrfab / rpms / httpd

Forked from rpms/httpd 5 years ago
Clone

Blame SOURCES/httpd-2.4.6-r1507681+.patch

706609
# ./pullrev.sh 1507681 1533447
706609
706609
https://bugzilla.redhat.com/show_bug.cgi?id=1004046
706609
706609
http://svn.apache.org/viewvc?view=revision&revision=1507681
706609
http://svn.apache.org/viewvc?view=revision&revision=1533447
706609
706609
--- httpd-2.4.6/modules/dav/main/mod_dav.c
706609
+++ httpd-2.4.6/modules/dav/main/mod_dav.c
706609
@@ -2756,7 +2756,7 @@
706609
      * The multistatus responses will contain the information about any
706609
      * resource that fails the validation.
706609
      *
706609
-     * We check the parent resource, too, since this is a MOVE. Moving the
706609
+     * We check the parent resource, too, if this is a MOVE. Moving the
706609
      * resource effectively removes it from the parent collection, so we
706609
      * must ensure that we have met the appropriate conditions.
706609
      *
706609
@@ -2765,7 +2765,9 @@
706609
      */
706609
     if ((err = dav_validate_request(r, resource, depth, NULL,
706609
                                     &multi_response,
706609
-                                    DAV_VALIDATE_PARENT
706609
+                                    (is_move ? DAV_VALIDATE_PARENT
706609
+                                             : DAV_VALIDATE_RESOURCE
706609
+                                               | DAV_VALIDATE_NO_MODIFY)
706609
                                     | DAV_VALIDATE_USE_424,
706609
                                     NULL)) != NULL) {
706609
         err = dav_push_error(r->pool, err->status, 0,
706609
--- httpd-2.4.6/modules/dav/main/util.c
706609
+++ httpd-2.4.6/modules/dav/main/util.c
706609
@@ -954,13 +954,16 @@
706609
         /*
706609
         ** For methods other than LOCK:
706609
         **
706609
-        ** If we have no locks, then <seen_locktoken> can be set to true --
706609
+        ** If we have no locks or if the resource is not being modified
706609
+        ** (per RFC 4918 the lock token is not required on resources
706609
+        ** we are not changing), then <seen_locktoken> can be set to true --
706609
         ** pretending that we've already met the requirement of seeing one
706609
         ** of the resource's locks in the If: header.
706609
         **
706609
         ** Otherwise, it must be cleared and we'll look for one.
706609
         */
706609
-        seen_locktoken = (lock_list == NULL);
706609
+        seen_locktoken = (lock_list == NULL
706609
+                          || flags & DAV_VALIDATE_NO_MODIFY);
706609
     }
706609
 
706609
     /*
706609
--- httpd-2.4.6/modules/dav/main/mod_dav.h
706609
+++ httpd-2.4.6/modules/dav/main/mod_dav.h
706609
@@ -1297,6 +1297,9 @@
706609
                                            the 424 DAV:response */
706609
 #define DAV_VALIDATE_USE_424    0x0080  /* return 424 status, not 207 */
706609
 #define DAV_VALIDATE_IS_PARENT  0x0100  /* for internal use */
706609
+#define DAV_VALIDATE_NO_MODIFY  0x0200  /* resource is not being modified
706609
+                                           so allow even if lock token
706609
+                                           is not provided */
706609
 
706609
 /* Lock-null related public lock functions */
706609
 DAV_DECLARE(int) dav_get_resource_state(request_rec *r,