You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by bu...@apache.org on 2004/09/01 09:44:56 UTC
DO NOT REPLY [Bug 30982] New: -
possible DELETE on a resource LOCKed by an other user
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30982>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30982
possible DELETE on a resource LOCKed by an other user
Summary: possible DELETE on a resource LOCKed by an other user
Product: Slide
Version: 2.1
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: WebDAV Server
AssignedTo: slide-dev@jakarta.apache.org
ReportedBy: luetzkendorf@apache.org
currently it is possible for a user that does not own a given lock to
delete a resource if he provides the "stolen" locktoken in the If header.
e.g. in the following scenario
user A LOCK /any/resource
user B PROPFIND /any/resource (retrieves the locktoken)
user B DELETE /any/resource
I think that's a bug. If nobody contradicts, I'll try to fix this ASAP.
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org