dav icon indicating copy to clipboard operation
dav copied to clipboard
verified publisher icon sabre-io

RFC 4918 compliance: Remove unexpected propstat

Open mstilkerich opened this issue 5 years ago • 2 comments

According to RFC 4918, there is two types of response elements:

See section 14.24, response XML Element:

<!ELEMENT response (href, ((href*, status)|(propstat+)),
                       error?, responsedescription? , location?) >

Type 1 contains one or more href and one status child elements.

Type 2 contains one href and one or more propstat child elements.

Both types may contain further optional elements.

For Type 1, sabre/dav inserts a spurious propstat element, which violated the element definition by RFC 4918.

You can also see examples for such type 1 response elements in RFC 4918, for example 9.6.2 example:

>>Request
DELETE /container/ HTTP/1.1 Host: www.example.com

>>Response
HTTP/1.1 207 Multi-Status
Content-Type: application/xml; charset="utf-8" Content-Length: xxxx
<?xml version="1.0" encoding="utf-8" ?> <d:multistatus xmlns:d="DAV:">
<d:response> <d:href>http://www.example.com/container/resource3</d:href> <d:status>HTTP/1.1 423 Locked</d:status> <d:error><d:lock-token-submitted/></d:error>
       </d:response>
     </d:multistatus>

This issue may cause failure with clients that validate the received XML against the RFC specification.

The attached change still allows responses to be created that contain both status and propstat child elements. I don't know your error handling concept, therefore I did not address that issue.

mstilkerich avatar Jul 15 '20 18:07 mstilkerich

Codecov Report

Merging #1285 (1eeecce) into master (5736f94) will decrease coverage by 0.01%. The diff coverage is 100.00%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master    #1285      +/-   ##
============================================
- Coverage     97.12%   97.10%   -0.02%     
- Complexity     2774     2788      +14     
============================================
  Files           174      174              
  Lines          8028     8045      +17     
============================================
+ Hits           7797     7812      +15     
- Misses          231      233       +2
Impacted Files Coverage Δ Complexity Δ
lib/CardDAV/Plugin.php 96.92% <100.00%> (+0.04%) 122.00 <0.00> (+1.00)
lib/DAV/Xml/Element/Response.php 97.01% <100.00%> (-2.99%) 22.00 <0.00> (ø)
lib/DAV/Browser/Plugin.php 87.15% <0.00%> (-0.10%) 84.00% <0.00%> (ø%)
lib/DAVACL/Plugin.php 94.06% <0.00%> (-0.02%) 168.00% <0.00%> (ø%)
lib/CalDAV/Backend/PDO.php 99.17% <0.00%> (ø) 136.00% <0.00%> (+6.00%)
lib/DAV/Sharing/Plugin.php 98.85% <0.00%> (ø) 25.00% <0.00%> (ø%)
lib/CardDAV/Backend/PDO.php 98.79% <0.00%> (ø) 34.00% <0.00%> (ø%)
lib/CalDAV/SharingPlugin.php 98.37% <0.00%> (ø) 35.00% <0.00%> (ø%)
lib/CalDAV/CalendarQueryValidator.php 100.00% <0.00%> (ø) 73.00% <0.00%> (+6.00%)
... and 6 more

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 5736f94...1eeecce. Read the comment docs.

codecov[bot] avatar Jul 22 '20 18:07 codecov[bot]

No one interested in fixing this?

mstilkerich avatar Nov 22 '20 14:11 mstilkerich