search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.43k stars 4.08k forks source link

WebDAV SEARCH request requires 'where' to be present, which is not actually required by rfc #8531

Open pinkylabs opened 6 years ago

pinkylabs commented 6 years ago
### Steps to reproduce 1. Make a WebDAV SEARCH request without 'where' element Taken from [example from @MorrisJobke ](https://github.com/nextcloud/server/pull/3360#issuecomment-280063038): ``` curl -X SEARCH https://example.net/remote.php/dav -u USER -i -H "content-Type: text/xml" --data '. /files/USER 1 ' ``` ### Expected behaviour Return response without error returning files in that 'folder'. As far as I understand DTD, the only mandatory elements are select and from: ``` ``` See [section 5.2](https://tools.ietf.org/html/rfc5323#section-5.2) ### Actual behaviour Failed with error 400: "Parse error: Missing {DAV:}where from {DAV:}basicsearch" ### Server configuration **Operating system**: Debian 9.3 (Linux apps 4.9.0-4-amd64 Debian 4.9.51-1 (2017-09-28) x86_64 GNU/Linux) **Web server:** nginx-light/stable,stable,now 1.10.3-1+deb9u1 amd64, php7.0-fpm/stable,now 7.0.27-0+deb9u1 amd64 **Database:** **mariadb-server**/oldstable,now 10.0.32-0+deb8u1 on debian 8.9 amd64 **PHP version:** php7.0/stable 7.0.27-0+deb9u1 **Nextcloud version:** 12.0.3 **Updated from an older Nextcloud/ownCloud or fresh install:** ... nextcloud 11.0.1 -> 12.0.2 -> 12.0.3 **Where did you install Nextcloud from:** nextcloud.com, archive file, manual install **Signing status:** No errors have been found. **List of activated apps:**
App list 
Enabled:
  - activity: 2.5.2
  - admin_audit: 1.2.0
  - announcementcenter: 3.1.1
  - audioplayer: 2.2.5
  - bookmarks: 0.10.1
  - bruteforcesettings: 1.0.3
  - calendar: 1.5.7
  - comments: 1.2.0
  - contacts: 2.1.0
  - dav: 1.3.0
  - federatedfilesharing: 1.2.0
  - federation: 1.2.0
  - files: 1.7.2
  - files_external: 1.3.0
  - files_markdown: 2.0.1
  - files_pdfviewer: 1.1.1
  - files_sharing: 1.4.0
  - files_texteditor: 2.4.1
  - files_trashbin: 1.2.0
  - files_versions: 1.5.0
  - files_videoplayer: 1.1.0
  - gallery: 17.0.0
  - gpxedit: 0.0.8
  - gpxpod: 2.2.2
  - keeweb: 0.4.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - metadata: 0.6.0
  - nextcloud_announcements: 1.1
  - notes: 2.3.2
  - notifications: 2.0.0
  - oauth2: 1.0.5
  - ocsms: 1.12.2
  - password_policy: 1.2.2
  - phonetrack: 0.2.2
  - previewgenerator: 1.0.9
  - provisioning_api: 1.2.0
  - serverinfo: 1.2.0
  - sharebymail: 1.2.0
  - survey_client: 1.0.0
  - systemtags: 1.2.0
  - tasks: 0.9.6
  - theming: 1.3.0
  - twofactor_backupcodes: 1.1.1
  - updatenotification: 1.2.0
  - workflowengine: 1.2.0
Disabled:
  - encryption
  - firstrunwizard
  - mail
  - music
  - rainloop
  - user_external
  - user_ldap
**Nextcloud configuration:**
Config report 
{
    "system": {
        "instanceid": "ocff0dbe0933",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            ***REMOVED SENSITIVE VALUE***
        ],
        "datadirectory": "\/mnt\/nextcloud-data",
        "dbtype": "mysql",
        "version": "12.0.3.3",
        "dbname": "nextcloud",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "theme": "",
        "maintenance": false,
        "secret": "***REMOVED SENSITIVE VALUE***",
        "loglevel": 2,
        "log_rotate_size": 10485760,
        "trashbin_retention_obligation": "auto",
        "mail_smtpmode": "php",
        "mail_from_address": "nextcloud",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "asset-pipeline.enabled": false,
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "localhost",
            "port": 6379
        }
    }
}
**Are you using external storage, if yes which one:** none **Are you using encryption:** no **Are you using an external user-backend, if yes which one:** none ### Client configuration curl any my testing application. ### Logs #### Web server error log
Web server error log ``` ==> /var/log/nginx/access.log <== 1.1.16.9 - pinky [25/Feb/2018:15:35:13 -0500] "SEARCH /remote.php/dav HTTP/2.0" 400 713 "-" "curl/7.52.1" ```
#### Nextcloud log (data/nextcloud.log)
Nextcloud log ``` no new events emitted ```
#### Working Example for reference: ``` curl -X SEARCH https://example.net/remote.php/dav -u USER -i -H "content-Type: text/xml" --data '. /files/USER 1 text/% ' ```
MorrisJobke commented 6 years ago

cc @icewind1991

szaimen commented 3 years ago

I am going to close this since there doesn't seem to be a lot of interest (no upvotes) and no respond since over 2 years. Please reopen if you still want to implement this.

szaimen commented 1 year ago

Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!