only one token must match, see http://www.webdav.org/specs/rfc2518.html#rfc.section.9.4.2 [ci skip]

2026-05-20 11:41:26 +00:00 · 2016-02-12 12:57:36 +01:00
parent 6f15ea0e1e
commit 3d24bc74b1
1 changed files with 2 additions and 2 deletions
--- a/main/frontend-webdav/src/main/java/org/cryptomator/webdav/jackrabbitservlet/WebDavServlet.java
+++ b/main/frontend-webdav/src/main/java/org/cryptomator/webdav/jackrabbitservlet/WebDavServlet.java
@@ -120,10 +120,10 @@ public class WebDavServlet extends AbstractWebdavServlet {
 	}

 	private boolean hasCorrectLockTokens(DavSession session, DavResource resource) {
-		boolean access = true;
+		boolean access = false;
 		final String[] providedLockTokens = session.getLockTokens();
 		for (ActiveLock lock : resource.getLocks()) {
-			access &= ArrayUtils.contains(providedLockTokens, lock.getToken());
+			access |= ArrayUtils.contains(providedLockTokens, lock.getToken());
 		}
 		return access;
 	}