Misc bug fixes

d0685ae5 · 8557dcb7 · d0685ae5 · d0685ae5
Commit d0685ae5 authored Mar 10, 1999 by
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 31 deletions

lib/python/webdav/Resource.py lib/python/webdav/Resource.py +19 -13

lib/python/webdav/xmlcmds.py lib/python/webdav/xmlcmds.py +37 -18

No files found.
--- a/lib/python/webdav/Resource.py
+++ b/lib/python/webdav/Resource.py
@@ -85,7 +85,7 @@

 """WebDAV support - resource objects."""

-__version__='$Revision: 1.13 $'[11:-2]
+__version__='$Revision: 1.14 $'[11:-2]

 import sys, os, string, mimetypes, xmlcmds
 from common import absattr, aq_base, urlfix, rfc1123_date
@@ -185,8 +185,7 @@ class Resource:
    def PROPFIND(self, REQUEST, RESPONSE):
        """Retrieve properties defined on the resource."""
        self.dav__init(REQUEST, RESPONSE)
-        try: cmd=xmlcmds.PropFind(REQUEST)
-        except: raise 'Bad Request', 'Invalid xml request.'
+        cmd=xmlcmds.PropFind(REQUEST)
        result=cmd.apply(self)
        RESPONSE.setStatus(207)
        RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
@@ -200,8 +199,7 @@ class Resource:
            raise 'Method Not Allowed', (
                  'Method not supported for this resource.')
        # TODO: add lock checking here
-        try: cmd=xmlcmds.PropPatch(REQUEST)
-        except: raise 'Bad Request', 'Invalid xml request.'
+        cmd=xmlcmds.PropPatch(REQUEST)
        result=cmd.apply(self)
        RESPONSE.setStatus(207)
        RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
@@ -225,14 +223,16 @@ class Resource:
           not self.cb_isCopyable():
            raise 'Method Not Allowed', 'This object may not be copied.'
        depth=REQUEST.get_header('Depth', 'infinity')
+        if not depth in ('0', 'infinity'):
+            raise 'Bad Request', 'Invalid Depth header.'
        dest=REQUEST.get_header('Destination', '')
        while dest and dest[-1]=='/':
            dest=dest[:-1]
        if not dest:
-            raise 'Bad Request', 'No destination given'
-        flag=REQUEST.get_header('Overwrite', 'F')
-        flag=string.upper(flag)
-        body=REQUEST.get('BODY', '')
+            raise 'Bad Request', 'Invalid Destination header.'
+        oflag=string.upper(REQUEST.get_header('Overwrite', 'F'))
+        if not oflag in ('T', 'F'):
+            raise 'Bad Request', 'Invalid Overwrite header.'
        path, name=os.path.split(dest)
        try: parent=REQUEST.resolve_url(path)
        except ValueError:
@@ -243,8 +243,8 @@ class Resource:
        if hasattr(parent, '__dav_null__'):
            raise 'Conflict', 'Object ancestors must already exist.'
        existing=hasattr(aq_base(parent), name)
-        if existing and flag=='F':
-            raise 'Precondition Failed', 'Resource %s exists.' % dest
+        if existing and oflag=='F':
+            raise 'Precondition Failed', 'Destination resource exists.'
        try: parent._checkId(name, allow_dup=1)
        except: raise 'Forbidden', sys.exc_value
        try: parent._verifyObjectPaste(self, REQUEST)
@@ -253,6 +253,13 @@ class Resource:
        except: raise 'Forbidden', sys.exc_value
        ob=self._getCopy(parent)
        ob._setId(name)
+        if depth=='0' and hasattr(ob, '__dav_collection__'):
+            for id in ob.objectIds():
+                ob._delObject(id)
+        if existing:
+            object=getattr(parent, name)
+            obj.dav__validate(object, 'DELETE', request)
+            parent._delObject(name)
        parent._setObject(name, ob)
        ob=ob.__of__(parent)
        ob._postCopy(parent, op=0)
@@ -304,8 +311,7 @@ class Resource:
        if existing:
            object=getattr(parent, name)
            self.dav__validate(object, 'DELETE', REQUEST)
-            parent._delObject(name)
-            
+            parent._delObject(name)            
        parent._setObject(name, ob)
        ob=ob.__of__(parent)
        ob._postCopy(parent, op=1)

--- a/lib/python/webdav/xmlcmds.py
+++ b/lib/python/webdav/xmlcmds.py
@@ -85,7 +85,7 @@

 """WebDAV xml request objects."""

-__version__='$Revision: 1.14 $'[11:-2]
+__version__='$Revision: 1.15 $'[11:-2]

 import sys, os, string
 from common import absattr, aq_base, urlfix
@@ -108,26 +108,38 @@ class PropFind:
    """Model a PROPFIND request."""
    def __init__(self, request):
        self.request=request
-        data=request.get('BODY', '')
-        self.depth=request.get_header('Depth', 'infinity')
-        self.allprop=(not len(data))
+        self.depth='infinity'
+        self.allprop=0
        self.propname=0
        self.propnames=[]
-        self.parse(data)
+        self.parse(request)
        
-    def parse(self, data, dav='DAV:'):
-        if not data: return
-        root=XmlParser().parse(data)
-        e=root.elements('propfind', ns=dav)[0]
+    def parse(self, request, dav='DAV:'):
+        self.depth=request.get_header('Depth', 'infinity')
+        if not (self.depth in ('0','1','infinity')):
+            raise 'Bad Request', 'Invalid Depth header.'
+        body=request.get('BODY', '')
+        self.allprop=(not len(body))
+        if not body: return
+        try:    root=XmlParser().parse(body)
+        except: raise 'Bad Request', sys.exc_value
+        e=root.elements('propfind', ns=dav)
+        if not e: raise 'Bad Request', 'Invalid xml request.'
+        e=e[0]
        if e.elements('allprop', ns=dav):
            self.allprop=1
            return
        if e.elements('propname', ns=dav):
            self.propname=1
            return
-        prop=e.elements('prop', ns=dav)[0]
+        prop=e.elements('prop', ns=dav)
+        if not prop: raise 'Bad Request', 'Invalid xml request.'
+        prop=prop[0]
        for val in prop.elements():
            self.propnames.append((val.name(), val.namespace()))
+        if (not self.allprop) and (not self.propname) and \
+           (not self.propnames):
+            raise 'Bad Request', 'Invalid xml request.'
        return

    def apply(self, obj, url=None, depth=0, result=None, top=1):
@@ -196,17 +208,22 @@ class PropPatch:
    """Model a PROPPATCH request."""
    def __init__(self, request):
        self.request=request
-        data=request.get('BODY', '')
        self.values=[]
-        self.parse(data)
+        self.parse(request)

-    def parse(self, data, dav='DAV:'):
-        root=XmlParser().parse(data)
+    def parse(self, request, dav='DAV:'):
+        body=request.get('BODY', '')
+        try:    root=XmlParser().parse(body)
+        except: raise 'Bad Request', sys.exc_value
        vals=self.values
-        e=root.elements('propertyupdate', ns=dav)[0]
+        e=root.elements('propertyupdate', ns=dav)
+        if not e: raise 'Bad Request', 'Invalid xml request.'
+        e=e[0]
        for ob in e.elements():
            if ob.name()=='set' and ob.namespace()==dav:
-                proptag=ob.elements('prop', ns=dav)[0]
+                proptag=ob.elements('prop', ns=dav)
+                if not proptag: raise 'Bad Request', 'Invalid xml request.'
+                proptag=proptag[0]
                for prop in proptag.elements():
                    # We have to ensure that all tag attrs (including
                    # an xmlns attr for all xml namespaces used by the
@@ -227,9 +244,10 @@ class PropPatch:
                        md={'__xml_attrs__':attrs}
                        item=(name, ns, prop.strval(), md)
                        vals.append(item)
-
            if ob.name()=='remove' and ob.namespace()==dav:
-                proptag=ob.elements('prop', ns=dav)[0]
+                proptag=ob.elements('prop', ns=dav)
+                if not proptag: raise 'Bad Request', 'Invalid xml request.'
+                proptag=proptag[0]
                for prop in proptag.elements():
                    item=(prop.name(), prop.namespace())
                    vals.append(item)
@@ -299,6 +317,7 @@ class PropPatch:



+
 class Lock:
    """Model a LOCK request."""
    def __init__(self, request):