Open
Description
Steps to reproduce
- Lock a file:
curl -u admin:admin -X LOCK http://owncloudserver/remote.php/webdav/lock.txt -d "<?xml version='1.0' encoding='UTF-8'?><d:lockinfo xmlns:d='DAV:'> <d:timeout>Infinite</d:timeout> <d:lockscope><d:exclusive/></d:lockscope></d:lockinfo>"
- Lock a folder
curl -u admin:admin -X LOCK http://owncloudserver/remote.php/webdav/FolderCerrado -d "<?xml version='1.0' encoding='UTF-8'?><d:lockinfo xmlns:d='DAV:'> <d:timeout>Infinite</d:timeout> <d:lockscope><d:exclusive/></d:lockscope></d:lockinfo>"
- Move the file into the folder using both tokens:
curl -k -u admin:admin -H 'If: (<opaquelocktoken:ad232c59-98d3-434e-a18c-81cdc65aa4c1>,<opaquelocktoken:76484811-c9ce-4ff5-9e5f-59f45e146449>)' -H 'Destination:http://owncloudserver/remote.php/webdav/FolderCerrado/lock.txt' -H 'Overwrite:F' -H 'User-Agent:Mozilla/5.0 (Android) ownCloud-android/2.7.0' -H 'Host:owncloudserver' -X MOVE 'http://owncloudserver/remote.php/webdav/lock.txt'
- Check the lock in the moved file
Expected behavior
The lock token of the file should not be preserved https://tools.ietf.org/html/rfc4918#page-33:
A successful MOVE request on a write locked resource MUST NOT move
the write lock with the resource. However, if there is an existing
lock at the destination, the server MUST add the moved resource to
the destination lock scope. For example, if the MOVE makes the
resource a child of a collection that has a depth-infinity lock, then
the resource will be added to that collection's lock. Additionally,
if a resource with a depth-infinity lock is moved to a destination
that is within the scope of the same lock (e.g., within the URL
namespace tree covered by the lock), the moved resource will again be
added to the lock. In both these examples, as specified in
Section 7.5, an If header must be submitted containing a lock token
for both the source and destination.
Actual behavior
Both lock tokens are preserved
curl -u admin:admin -X PROPFIND http://owncloudserver/remote.php/webdav/FolderCerrado/lock.txt -d "<?xml version='1.0' encoding='UTF-8'?> <d:propfind xmlns:d='DAV:'> <d:prop><d:lockdiscovery/></d:prop> </d:propfind>" | xmllint --format -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1222 100 1106 100 116 704 73 0:00:01 0:00:01 --:--:-- 704
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns">
<d:response>
<d:href>/remote.php/webdav/FolderCerrado/lock.txt</d:href>
<d:propstat>
<d:prop>
<d:lockdiscovery>
<d:activelock>
<d:lockscope>
<d:exclusive/>
</d:lockscope>
<d:locktype>
<d:write/>
</d:locktype>
<d:lockroot>
<d:href>/remote.php/webdav/FolderCerrado/lock.txt</d:href>
</d:lockroot>
<d:depth>infinity</d:depth>
<d:timeout>Second-1445</d:timeout>
<d:locktoken>
<d:href>opaquelocktoken:76484811-c9ce-4ff5-9e5f-59f45e146449</d:href>
</d:locktoken>
<d:owner>admin </d:owner>
</d:activelock>
<d:activelock>
<d:lockscope>
<d:exclusive/>
</d:lockscope>
<d:locktype>
<d:write/>
</d:locktype>
<d:lockroot>
<d:href>/remote.php/webdav/FolderCerrado</d:href>
</d:lockroot>
<d:depth>infinity</d:depth>
<d:timeout>Second-1466</d:timeout>
<d:locktoken>
<d:href>opaquelocktoken:ad232c59-98d3-434e-a18c-81cdc65aa4c1</d:href>
</d:locktoken>
<d:owner>admin</d:owner>
</d:activelock>
</d:lockdiscovery>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>