2018-03-21

2018-03-21 16:30:59 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Filesystem [WebDAV]: Return 403 for MOVE where src == dst.

Fixes [WS-225].

1402:    return(0);    }    new_uri = new_uri[sizeof(mountpoint)..]; -  string moveto = path + "/" + encode_path(new_uri); +  string moveto = real_path(new_uri, id);       // Workaround for Linux, Tru64 and FreeBSD.    if (has_suffix(moveto, "/")) {
1433:    return ret;    }    +  if (norm_f == moveto) { +  privs = 0; +  errors++; +  TRACE_LEAVE("MOVE: Source and destination are the same path."); +  return Roxen.http_status(403, "Permission denied."); +  } +     size = _file_size(new_uri, id);       SETUID_TRACE("Moving file", 0);
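Review bot: In the hunk at 1402, the result of real_path(new_uri, id) is passed straight to has_suffix(moveto, "/") with no check in the visible lines. If real_path can return 0 for a destination it cannot map, guard for that before the trailing-slash workaround and return an error there. It is also worth confirming that dropping encode_path() is intended, since the later norm_f == moveto comparison only works if both sides are built and encoded the same way.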
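Review bot: In the hunk at 1433, norm_f == moveto is an exact string comparison, so the guard only fires when both paths have been normalised identically. The visible workaround handles a trailing "/" on moveto; please confirm norm_f gets the same treatment, and consider whether differing case on a case-insensitive filesystem or a symlinked component can make two strings that name the same file compare unequal and fall through to the move. The 403 is consistent with RFC 4918, which lists source and destination being the same resource as a Forbidden case for MOVE, but the reason text "Permission denied." hides the cause that the TRACE_LEAVE message already states; reusing that wording in the response would make the failure easier to diagnose.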