You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-dev@jakarta.apache.org by bu...@apache.org on 2004/09/01 09:44:56 UTC

DO NOT REPLY [Bug 30982] New: - possible DELETE on a resource LOCKed by an other user

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30982>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=30982

possible DELETE  on a resource LOCKed by an other user

           Summary: possible DELETE  on a resource LOCKed by an other user
           Product: Slide
           Version: 2.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: WebDAV Server
        AssignedTo: slide-dev@jakarta.apache.org
        ReportedBy: luetzkendorf@apache.org


currently it is possible for a user that does not own a given lock to 
delete a resource if he provides the "stolen" locktoken in the If header.

e.g. in the following scenario

user A LOCK /any/resource
user B PROPFIND /any/resource (retrieves the locktoken)
user B DELETE /any/resource

I think that's a bug. If nobody contradicts, I'll try to fix this ASAP.

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org