arrfab / rpms / httpd

Forked from rpms/httpd 5 years ago
Clone
Blob Blame History Raw
# ./pullrev.sh 1507681 1533447

https://bugzilla.redhat.com/show_bug.cgi?id=1004046

http://svn.apache.org/viewvc?view=revision&revision=1507681
http://svn.apache.org/viewvc?view=revision&revision=1533447

--- httpd-2.4.6/modules/dav/main/mod_dav.c
+++ httpd-2.4.6/modules/dav/main/mod_dav.c
@@ -2756,7 +2756,7 @@
      * The multistatus responses will contain the information about any
      * resource that fails the validation.
      *
-     * We check the parent resource, too, since this is a MOVE. Moving the
+     * We check the parent resource, too, if this is a MOVE. Moving the
      * resource effectively removes it from the parent collection, so we
      * must ensure that we have met the appropriate conditions.
      *
@@ -2765,7 +2765,9 @@
      */
     if ((err = dav_validate_request(r, resource, depth, NULL,
                                     &multi_response,
-                                    DAV_VALIDATE_PARENT
+                                    (is_move ? DAV_VALIDATE_PARENT
+                                             : DAV_VALIDATE_RESOURCE
+                                               | DAV_VALIDATE_NO_MODIFY)
                                     | DAV_VALIDATE_USE_424,
                                     NULL)) != NULL) {
         err = dav_push_error(r->pool, err->status, 0,
--- httpd-2.4.6/modules/dav/main/util.c
+++ httpd-2.4.6/modules/dav/main/util.c
@@ -954,13 +954,16 @@
         /*
         ** For methods other than LOCK:
         **
-        ** If we have no locks, then <seen_locktoken> can be set to true --
+        ** If we have no locks or if the resource is not being modified
+        ** (per RFC 4918 the lock token is not required on resources
+        ** we are not changing), then <seen_locktoken> can be set to true --
         ** pretending that we've already met the requirement of seeing one
         ** of the resource's locks in the If: header.
         **
         ** Otherwise, it must be cleared and we'll look for one.
         */
-        seen_locktoken = (lock_list == NULL);
+        seen_locktoken = (lock_list == NULL
+                          || flags & DAV_VALIDATE_NO_MODIFY);
     }
 
     /*
--- httpd-2.4.6/modules/dav/main/mod_dav.h
+++ httpd-2.4.6/modules/dav/main/mod_dav.h
@@ -1297,6 +1297,9 @@
                                            the 424 DAV:response */
 #define DAV_VALIDATE_USE_424    0x0080  /* return 424 status, not 207 */
 #define DAV_VALIDATE_IS_PARENT  0x0100  /* for internal use */
+#define DAV_VALIDATE_NO_MODIFY  0x0200  /* resource is not being modified
+                                           so allow even if lock token
+                                           is not provided */
 
 /* Lock-null related public lock functions */
 DAV_DECLARE(int) dav_get_resource_state(request_rec *r,