Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-15001

webdav can create file names that content can't fetch



    • Type: Bug
    • Status: CLOSED
    • Priority: Major
    • Resolution: Non-Issue
    • Affects Version/s: 2.5.0
    • Fix Version/s: None
    • Component/s: Content, WebDAV
    • Labels:


      We had a user create a name with # in it via webdav. It couldn't be downloaded from resources, because # has a special meaning in URLs.

      There are two different issues:

      1) Webdav uses addResource(id) to create resources. In BaseContentService/addResource(String), the following code appears:
      String justName = isolateName(id);
      This is probably intended to prohibit names with odd characters. However checkResourceId is a boolean function. The return value is not used, so this test is a no-op. But we really want it to be a no-op. Webdav clients expect to be able to create any legal file name. Validator.checkResourceId prohibits any name containing "^/\\{}[]()%*?#&=\n\r\t\b\f". This is far too strict. It would be a disaster to disallow any file with these characters in it. Note particularly the presence of blank, but other characters would be a problem as well. So in my opinion these two lines of code should simply be removed. If the fact that they don't do anything was a problem, we would have seen it by now.

      2) When generating the URL for use in the Resources tool, special characters are not escaped. If you create a file in the resources tool itself, special characters tend to get turned into _. But this is not the case if DAV creates the file. We really need to escape URLs properly, so that any file created by DAV can be fetched. That simply requires getUrl to call Validator.escapeUrl. I can't tell when the three different getUrl's are used. I fixed the two that didn't have escapeUrl, and that fixed my problem.

      — content-impl/impl/src/java/org/sakaiproject/content/impl/BaseContentService.java (revision 992)
      +++ content-impl/impl/src/java/org/sakaiproject/content/impl/BaseContentService.java (working copy)
      @@ -9958,7 +9958,7 @@
      public String getUrl(boolean relative)

      { - return getAccessPoint(relative) + convertIdToUserEid(m_id); + return getAccessPoint(relative) + Validator.escapeUrl(convertIdToUserEid(m_id)); }

      @@ -11116,7 +11116,7 @@

      { return (relative ? m_serverConfigurationService.getAccessPath() : m_serverConfigurationService.getAccessUrl()) + getAlternateReferenceRoot(rootProperty) + m_relativeAccessPoint - + convertIdToUserEid(m_id); + + Validator.escapeUrl(convertIdToUserEid(m_id)); }


        Gliffy Diagrams



              Issue Links



                  Unassigned Unassigned
                  hedrick Charles Hedrick
                  1 Vote for this issue
                  4 Start watching this issue



                      Git Integration