WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

English support forum

Moderators: white, Hacker, petermad, Stefan2

Post Reply
karnin
Junior Member
Junior Member
Posts: 73
Joined: 2005-02-28, 08:57 UTC

WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *karnin »

Hello,
WebDAV-plugin 3.1 is installed in TC-10 on Win10prof(64).

It should call two different Nextcloud-21 webdav accounts on same Nextcloud server, for example:
1. https://domain.xy/ncw/remote.php/webdav/
Login for "user-1"
2. https://domain.xy/ncw/remote.php/webdav/
Login for "user-2"

Access is working, BUT:

After calling 1. with "user-1" and interrupting this connection, second attempt with calling "user-2" shows webdav directory of "user-1" !!

Access to "User-2" only works after terminating whole TC-10, after its restart right webdav directory is opened, but only once.
Second attempt to other account "user-1" shows directory from "user-1" too.
Same effect if changing logn order user-1 <=> user-2!

How to solve this issue?
Webdav Cache problem?

Thanks and regards!
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *ghisler(Author) »

WebDAV uses Internet Explorer functions (WinINet), which handle all the caching internally. It probably caches only by path and doesn't support servers where the same path returns different data depending on the user account.
Author of Total Commander
https://www.ghisler.com
karnin
Junior Member
Junior Member
Posts: 73
Joined: 2005-02-28, 08:57 UTC

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *karnin »

Thanks for reply!
It is possible, but there must be a change between WebDAV-2.x and WebDAV-3.1!?
Version 2.x didn't show this behaviour.
Any hint about that?
Older 2.x version available anywhere?

Thnks and regards.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *ghisler(Author) »

I have put them here:
https://www.totalcommander.ch/win/fs/old/webdav/

I cannot find any changes between 2.9 and 3.0 which would cause this problem. Can you tell me which version is the last that works for you, please?
Author of Total Commander
https://www.ghisler.com
karnin
Junior Member
Junior Member
Posts: 73
Joined: 2005-02-28, 08:57 UTC

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *karnin »

Ok, i did check all versions down til WebDav-2.0, all of them show describben behaviour on Win10prof(64-20H2).

Latest working version for me has been Webdav-2.7 on older 1909-version of Win10, but it is not longer available...
Maybe it depends on windows version and changed/ modified behaviour?

Workaround: Is it possible to empty Internet Explorer (WinINet) cache by command?

Thanks for help,
best regards!
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *ghisler(Author) »

So it's a bug of Windows 10. :(
No, you can't empty the cache, but it would be possible to call the WinINet function with option "do not cache". However, I don't know how this would work with paths which are already cached...
Author of Total Commander
https://www.ghisler.com
karnin
Junior Member
Junior Member
Posts: 73
Joined: 2005-02-28, 08:57 UTC

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *karnin »

How to call the WinINet function with option "do not cache" for WebDav?

If option must be hardcoded in WebDav-3.2beta, beta test is offered... 8)

Best regards!
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *ghisler(Author) »

Call HttpOpenRequest with flag INTERNET_FLAG_NO_CACHE_WRITE. I already do this for some functions, but not for reading directories because it's faster when using the cache. But that was while there wasn't this account bug...

Please contact me by e-mail to support at ghisler dot com for a private beta where I add this flag.
Author of Total Commander
https://www.ghisler.com
karnin
Junior Member
Junior Member
Posts: 73
Joined: 2005-02-28, 08:57 UTC

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *karnin »

Done... 8)
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: WebDAV-Plugin 3.1 / TC-10 calls wrong server. Security issue...

Post by *ghisler(Author) »

I'm currently very busy, so it will take a few days until I can send you the test version. Sorry for the delay.
Author of Total Commander
https://www.ghisler.com
Post Reply