You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by je...@apache.org on 2003/12/27 07:03:45 UTC

cvs commit: httpd-2.0/modules/dav/main mod_dav.c

jerenkrantz    2003/12/26 22:03:44

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES
               modules/dav/main Tag: APACHE_2_0_BRANCH mod_dav.c
  Log:
  * modules/dav/main/mod_dav.c (dav_method_copymove): For a 401 on the
  destination resource, propagate the WWW-Auth header from the
  subrequest back to the client.
  
  Backport of modules/dav/main/mod_dav.c r1.101 from httpd-2.1
  PR: 15571
  Reviewed by:	jorton, trawick, jerenkrantz
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.199 +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.198
  retrieving revision 1.988.2.199
  diff -u -u -r1.988.2.198 -r1.988.2.199
  --- CHANGES	14 Dec 2003 17:32:02 -0000	1.988.2.198
  +++ CHANGES	27 Dec 2003 06:03:44 -0000	1.988.2.199
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.49
   
  +  *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
  +     the destination resource gives a 401.  PR 15571.  [Joe Orton]
  +
     *) SECURITY [CAN-2003-0020]: Escape arbitrary data before writing
        into the errorlog.  [Andr� Malo]
   
  
  
  
  No                   revision
  No                   revision
  1.91.2.4  +9 -0      httpd-2.0/modules/dav/main/mod_dav.c
  
  Index: mod_dav.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/dav/main/mod_dav.c,v
  retrieving revision 1.91.2.3
  retrieving revision 1.91.2.4
  diff -u -u -r1.91.2.3 -r1.91.2.4
  --- mod_dav.c	25 Jun 2003 20:18:32 -0000	1.91.2.3
  +++ mod_dav.c	27 Dec 2003 06:03:44 -0000	1.91.2.4
  @@ -2618,6 +2618,15 @@
           return dav_error_response(r, lookup.err.status, lookup.err.desc);
       }
       if (lookup.rnew->status != HTTP_OK) {
  +        const char *auth = apr_table_get(lookup.rnew->err_headers_out,
  +                                        "WWW-Authenticate");
  +        if (lookup.rnew->status == HTTP_UNAUTHORIZED && auth != NULL) {
  +            /* propagate the WWW-Authorization header up from the
  +             * subreq so the client sees it. */
  +            apr_table_set(r->err_headers_out, "WWW-Authenticate",
  +                          apr_pstrdup(r->pool, auth));
  +        }
  +
           /* ### how best to report this... */
           return dav_error_response(r, lookup.rnew->status,
                                     "Destination URI had an error.");