Ticket #13370 (confirmed Bug)

Opened 3 years ago

Last modified 3 years ago

Accessing webdav by url ?

Reported by: st.willibrord@… Owned by:
Priority: minor Milestone: 4.x
Component: Archetypes Version: 4.2
Keywords: webdav Cc:

Description (last modified by kleist) (diff)

I ran google skipfish against my plone installation and as a reaction to a (normally anti-php ?) test I got the following in the event log:

2012-12-02T02:25:16 ERROR Zope.SiteErrorLog 1354411517.00.103633480137  http://localhost:8080/willi/bildspeicher/upload/PUT-sfi9876/PUT Traceback (innermost last):

Module ZPublisher.Publish, line 126, in publish Module ZPublisher.mapply, line 77, in mapply Module ZPublisher.Publish, line 46, in call_object Module webdav.NullResource, line 157, in PUT Module Products.CMFCore.PortalFolder, line 274, in PUT_factory Module Products.ATContentTypes.lib.constraintypes, line 280, in invokeFactory

ValueError: Disallowed subobject type: Document

So while the access was correctly blocked this still managed to access the webdav module and a "PUT-factory" by a get request. Hope this is a feature.

Change History

comment:1 Changed 3 years ago by kleist

  • Status changed from new to confirmed
  • Keywords webdav added
  • Component changed from Unknown to Archetypes
  • Description modified (diff)
Note: See TracTickets for help on using tickets.