* Response handler for DAV resources */
| 4938 | * Response handler for DAV resources |
| 4939 | */ |
| 4940 | static int dav_handler(request_rec *r) |
| 4941 | { |
| 4942 | if (strcmp(r->handler, DAV_HANDLER_NAME) != 0) |
| 4943 | return DECLINED; |
| 4944 | |
| 4945 | /* Reject requests with an unescaped hash character, as these may |
| 4946 | * be more destructive than the user intended. */ |
| 4947 | if (r->parsed_uri.fragment != NULL) { |
| 4948 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00622) |
| 4949 | "buggy client used un-escaped hash in Request-URI"); |
| 4950 | return dav_error_response(r, HTTP_BAD_REQUEST, |
| 4951 | "The request was invalid: the URI included " |
| 4952 | "an un-escaped hash character"); |
| 4953 | } |
| 4954 | |
| 4955 | /* ### do we need to do anything with r->proxyreq ?? */ |
| 4956 | |
| 4957 | /* |
| 4958 | * ### anything else to do here? could another module and/or |
| 4959 | * ### config option "take over" the handler here? i.e. how do |
| 4960 | * ### we lock down this hierarchy so that we are the ultimate |
| 4961 | * ### arbiter? (or do we simply depend on the administrator |
| 4962 | * ### to avoid conflicting configurations?) |
| 4963 | */ |
| 4964 | |
| 4965 | /* |
| 4966 | * Set up the methods mask, since that's one of the reasons this handler |
| 4967 | * gets called, and lower-level things may need the info. |
| 4968 | * |
| 4969 | * First, set the mask to the methods we handle directly. Since by |
| 4970 | * definition we own our managed space, we unconditionally set |
| 4971 | * the r->allowed field rather than ORing our values with anything |
| 4972 | * any other module may have put in there. |
| 4973 | * |
| 4974 | * These are the HTTP-defined methods that we handle directly. |
| 4975 | */ |
| 4976 | r->allowed = 0 |
| 4977 | | (AP_METHOD_BIT << M_GET) |
| 4978 | | (AP_METHOD_BIT << M_PUT) |
| 4979 | | (AP_METHOD_BIT << M_DELETE) |
| 4980 | | (AP_METHOD_BIT << M_OPTIONS) |
| 4981 | | (AP_METHOD_BIT << M_INVALID); |
| 4982 | |
| 4983 | /* |
| 4984 | * These are the DAV methods we handle. |
| 4985 | */ |
| 4986 | r->allowed |= 0 |
| 4987 | | (AP_METHOD_BIT << M_COPY) |
| 4988 | | (AP_METHOD_BIT << M_LOCK) |
| 4989 | | (AP_METHOD_BIT << M_UNLOCK) |
| 4990 | | (AP_METHOD_BIT << M_MKCOL) |
| 4991 | | (AP_METHOD_BIT << M_MOVE) |
| 4992 | | (AP_METHOD_BIT << M_PROPFIND) |
| 4993 | | (AP_METHOD_BIT << M_PROPPATCH); |
| 4994 | |
| 4995 | /* |
| 4996 | * These are methods that we don't handle directly, but let the |
| 4997 | * server's default handler do for us as our agent. |
nothing calls this directly
no test coverage detected