From faf34d29fbedadcf98419457e87889611f57ba5d Mon Sep 17 00:00:00 2001
From: Jan Vonka
Date: Thu, 16 Jun 2011 09:46:50 +0000
Subject: [PATCH] ALF-9127 - WebDAV - fix unsafe use of SimpleDateFormat
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@28420 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../java/org/alfresco/repo/webdav/WebDAV.java | 68 +++++++++----------
 1 file changed, 32 insertions(+), 36 deletions(-)
diff --git a/source/java/org/alfresco/repo/webdav/WebDAV.java b/source/java/org/alfresco/repo/webdav/WebDAV.java
index 1247e9f3d9..4ec664efc0 100644
--- a/source/java/org/alfresco/repo/webdav/WebDAV.java
+++ b/source/java/org/alfresco/repo/webdav/WebDAV.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
@@ -20,7 +20,6 @@ package org.alfresco.repo.webdav;
 import java.io.Serializable;
 import java.net.URLDecoder;
-import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -249,12 +248,6 @@ public class WebDAV
 private static String CREATION_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
- // HTTP header date/time formatter
- // NOTE: According to RFC2616 dates should always be in English and in
- // the GMT timezone see http://rfc.net/rfc2616.html#p20 for details
-
- private static SimpleDateFormat _httpDateFormatter = new SimpleDateFormat(HEADER_IF_DATE_FORMAT, Locale.ENGLISH);
-
 /**
 * Formats the given date so that it conforms with the Last-Modified HTTP header
 *
@@ -263,7 +256,7 @@ public class WebDAV
 */
 public static String formatModifiedDate(Date date)
 {
- return _httpDateFormatter.format(date);
+ return formatHeaderDate(date);
 }
 /**
@@ -274,7 +267,7 @@ public class WebDAV
 */
 public static String formatModifiedDate(long ldate)
 {
- return _httpDateFormatter.format(new Date(ldate));
+ return formatHeaderDate(ldate);
 }
 /**
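Review bot: The Javadoc above formatModifiedDate(Date) starts outside this hunk and no longer says where the output format comes from, now that the method only forwards to formatHeaderDate; the same applies to the long overload in the next hunk. Add `@see #formatHeaderDate(Date)` and a sentence such as `Output is always rendered in GMT with English names.` so callers building Last-Modified headers can see the guarantee without reading the delegate. If DateFormatUtils is the commons-lang class, the Javadoc can also state that the method is safe to call from concurrent request threads, which is the property this commit restores.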
@@ -307,7 +300,10 @@ public class WebDAV
 */
 public static String formatHeaderDate(Date date)
 {
- return _httpDateFormatter.format( date);
+ // HTTP header date/time format
+ // NOTE: According to RFC2616 dates should always be in English and in
+ // the GMT timezone see http://rfc.net/rfc2616.html#p20 for details
+ return DateFormatUtils.format(date, HEADER_IF_DATE_FORMAT, TimeZone.getTimeZone("GMT"), Locale.ENGLISH);
 }
 /**
@@ -316,9 +312,12 @@ public class WebDAV
 * @param date long
 * @return String
 */
- public static String formatHeaderDate(long date)
+ public static String formatHeaderDate(long ldate)
 {
- return _httpDateFormatter.format( new Date(date));
+ // HTTP header date/time format
+ // NOTE: According to RFC2616 dates should always be in English and in
+ // the GMT timezone see http://rfc.net/rfc2616.html#p20 for details
+ return DateFormatUtils.format(ldate, HEADER_IF_DATE_FORMAT, TimeZone.getTimeZone("GMT"), Locale.ENGLISH);
 }
 /**
@@ -366,11 +365,11 @@ public class WebDAV
 String strPath = null;
- try
- {
+ try
+ {
 strPath = URLDecoder.decode( request.getRequestURI(), "UTF-8");
 }
- catch (Exception ex) {}
+ catch (Exception ex) {}
 // Find the servlet path and trim from the request path
@@ -378,9 +377,9 @@ public class WebDAV
 int rootPos = strPath.indexOf(servletPath);
 if ( rootPos != -1)
- {
+ {
 strPath = strPath.substring( rootPos);
- }
+ }
 // If we failed to get the path from the request try and get the path from the servlet path
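Review bot: The pattern, time zone and locale arguments and the three-line RFC 2616 comment are written out twice, in formatHeaderDate(Date) here and again in formatHeaderDate(long) in the next hunk, so a later edit to one overload can leave the two emitting different header formats. Let this overload forward instead, `return formatHeaderDate(date.getTime());`, and keep the comment in one place. It would also help to record why the shared formatter went away, e.g. `// DateFormatUtils is thread-safe; a shared static SimpleDateFormat is not`. The import hunk only removes SimpleDateFormat, so DateFormatUtils is presumably imported further down the file, which is worth confirming.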
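Review bot: The Javadoc tag `@param date long` at the top of this hunk is now stale, because the signature below it renames the parameter to `ldate`. Change the tag to `@param ldate long`, or keep the parameter name `date`, so that Javadoc tooling and readers see a matching name.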
@@ -391,31 +390,31 @@ public class WebDAV
 if (strPath == null || strPath.length() == 0)
 {
- // If we still have not got a path then default to the root directory
+ // If we still have not got a path then default to the root directory
 strPath = RootPath;
 }
- else if (strPath.startsWith(request.getServletPath()))
+ else if (strPath.startsWith(request.getServletPath()))
 {
- // Check if the path starts with the base servlet path
+ // Check if the path starts with the base servlet path
 int len = request.getServletPath().length();
- if (strPath.length() > len)
- {
+ if (strPath.length() > len)
+ {
 strPath = strPath.substring(len);
- }
+ }
 else
- {
+ {
 strPath = RootPath;
- }
+ }
+ }
+
+ // Make sure there are no trailing slashes
+
+ if (strPath.length() > 1 && strPath.endsWith(DIR_SEPARATOR))
+ {
+ strPath = strPath.substring(0, strPath.length() - 1);
 }
- // Make sure there are no trailing slashes
-
- if (strPath.length() > 1 && strPath.endsWith(DIR_SEPARATOR))
- {
- strPath = strPath.substring(0, strPath.length() - 1);
- }
-
 // Return the path
 return strPath;
@@ -640,9 +639,6 @@ public class WebDAV
 */
 static
 {
- // ensure http dates are in GMT time zone (see note above)
- _httpDateFormatter.setTimeZone(TimeZone.getTimeZone("GMT"));
-
 // Create the WebDAV to Alfresco property mapping table
 _propertyNameMap = new Hashtable();