Ticket #13370 (confirmed Bug)
Accessing webdav by url ?
Reported by: | st.willibrord@… | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | 4.x |
Component: | Archetypes | Version: | 4.2 |
Keywords: | webdav | Cc: |
Description (last modified by kleist) (diff)
I ran google skipfish against my plone installation and as a reaction to a (normally anti-php ?) test I got the following in the event log:
2012-12-02T02:25:16 ERROR Zope.SiteErrorLog 1354411517.00.103633480137 http://localhost:8080/willi/bildspeicher/upload/PUT-sfi9876/PUT Traceback (innermost last):
Module ZPublisher.Publish, line 126, in publish Module ZPublisher.mapply, line 77, in mapply Module ZPublisher.Publish, line 46, in call_object Module webdav.NullResource, line 157, in PUT Module Products.CMFCore.PortalFolder, line 274, in PUT_factory Module Products.ATContentTypes.lib.constraintypes, line 280, in invokeFactory
ValueError: Disallowed subobject type: Document
So while the access was correctly blocked this still managed to access the webdav module and a "PUT-factory" by a get request. Hope this is a feature.