Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent panic on /remote.php/dav/files/ #1320

Merged
merged 13 commits into from
Nov 25, 2020
8 changes: 8 additions & 0 deletions internal/http/services/owncloud/ocdav/propfind.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,14 @@ func (s *svc) handlePropfind(w http.ResponseWriter, r *http.Request, ns string)
if depth == "" {
depth = "1"
}

// if there is no file in the request url we assume the request url is: "/remote.php/dav/files"
// https://github.com/owncloud/core/blob/18475dac812064b21dabcc50f25ef3ffe55691a5/tests/acceptance/features/apiWebdavOperations/propfind.feature
if r.URL.Path == "/" {
log.Debug().Str("path", r.URL.Path).Msg("method not allowed")
w.WriteHeader(http.StatusMethodNotAllowed)
}

// see https://tools.ietf.org/html/rfc4918#section-10.2
if depth != "0" && depth != "1" && depth != "infinity" {
log.Error().Msgf("invalid Depth header value %s", depth)
Expand Down