Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

83541: Merged V4.2-BUG-FIX (4.2.4) to HEAD-BUG-FIX (5.0/Cloud) 82261: Merged DEV to V4.2-BUG-FIX (4.2.4) 80345 : MNT-11990 : vti sharepoint server does not respect If: HTTP headers as defined in rfc2518 - LockMethod was corrected to prevent lock refresh for non-locked files. - Unit test added. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@84561 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2014-09-18 17:08:49 +00:00
parent 5a0f3ef869
commit caf361cd61
2 changed files with 44 additions and 0 deletions
--- a/source/java/org/alfresco/repo/webdav/LockMethod.java
+++ b/source/java/org/alfresco/repo/webdav/LockMethod.java
@@ -368,6 +368,15 @@ public class LockMethod extends WebDAVMethod
        if (hasLockToken())
        {
            lockInfo = checkNode(lockNodeInfo);
+
+            if (!lockInfo.isLocked() && m_request.getContentLength() == -1)
+            {
+                // MNT-11990 fix, LOCK method with If header and without body was sent, according to RFC 2518 section 7.8
+                // this form of LOCK MUST only be used to "refresh" a lock. But node is not actually locked. Fail this request.
+                // see http://www.ics.uci.edu/~ejw/authoring/protocol/rfc2518.html#rfc.section.7.8
+                throw new WebDAVServerException(HttpServletResponse.SC_BAD_REQUEST);
+            }
+            
            // If a request body is not defined and "If" header is sent we have createExclusive as false,
            // but we need to check a previous LOCK was an exclusive. I.e. get the property for node. It
            // is already has got in a checkNode method, so we need just get a scope from lockInfo.