Re: svn URL's with '..' elements

From: Josh Pieper <jjp_at_pobox.com>
Date: 2005-02-23 03:41:23 CET

Ben Reser wrote:
> On Tue, Feb 22, 2005 at 06:44:52PM -0500, Chris Pickett wrote:
> > sussman on #svn asked me to bring this up here.
> >
> > I have three versions of svn installed on various machines, 1.0.4,
> > 1.1.1, and 1.1.3.
> >
> > so ... I guess this mail serves two purposes:
> >
> > 1) bring this to your attention
> > 2) request that you allow for '..' in a URL again if it isn't a security
> > hole
> >
> > I'm not sure what version of svn is running on the server, but I can
> > find out if you want.
>
> We had support for this briefly, I think maybe one release, but IIRC
> removed it for these reasons:
>
> * Despite common usage .. doesn't have any special meaning per the URI
> standard.
> * Because we canonicalize URLs on input it could create confusing
> results. In particular if the resulting path didn't exist the URL we
> said didn't exist wouldn't match what the user requested.
> * The behavior is undefined when dealing with no-op path elements e.g.
> //. Should we remove it or not.
> * Caused some sort of issues with externals.
> * Were more trouble than they were worth to make function safely (e.g.
> buffer underflows).
>
> jpieper is the one who specifically removed the functionality perhaps
> he can be specific or correct me if I'm remembering wrong.

Those reasons, plus it does not have well-defined semantics when used over
symlinks. I have some IRC discussions from last July where the merits
were discussed if anyone is interested.

-Josh

Received on Wed Feb 23 04:00:49 2005
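
The points raised in the thread about canonicalizing '..' (the rewritten path differing from the one requested, the ambiguity of '//', and the underflow risk when popping segments) can be seen in a small sketch. This is an added example, not code from this mail or from Subversion; the function names are hypothetical, the inputs are constructed, it works on the path portion of a URL only, and dropping empty segments is this example's own choice.

```c
#include <stdio.h>
#include <string.h>
/* Length of the segment starting at p (up to the next '/' or the end). */
static size_t seg_len(const char *p) {
    const char *end = strchr(p, '/');
    return end ? (size_t)(end - p) : strlen(p);
}

/* 1 if any segment is exactly "..": the strict policy, reject instead of rewrite. */
int has_dotdot_segment(const char *path) {
    for (const char *p = path; ; p += seg_len(p) + 1) {
        size_t len = seg_len(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') return 1;
        if (p[len] == '\0') return 0;
    }
}

/* Collapse "..", "." and empty segments into out. Returns 0 on success,
   -1 if ".." would pop past the root or out is too small. */
int collapse_path(const char *path, char *out, size_t outsz) {
    size_t n = 0;                       /* bytes currently in out */
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (const char *p = path; ; p += seg_len(p) + 1) {
        size_t len = seg_len(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (n == 0) return -1;      /* nothing to pop: never index before out[0] */
            while (n > 0 && out[n - 1] != '/') n--;   /* drop the last segment */
            if (n > 0) n--;             /* and its separator */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            size_t sep = n ? 1 : 0;
            if (len >= outsz || n + sep + len >= outsz) return -1;
            if (sep) out[n++] = '/';
            memcpy(out + n, p, len);
            n += len;
        }
        out[n] = '\0';
        if (p[len] == '\0') return 0;
    }
}

int main(void) {
    const char *samples[] = { "trunk/src/../doc", "a//b", "a/../../b" };  /* constructed */
    char buf[64];
    for (int i = 0; i < 3; i++)
        printf("%-18s dotdot=%d -> %s\n", samples[i], has_dotdot_segment(samples[i]),
               collapse_path(samples[i], buf, sizeof buf) ? "(rejected)" : buf);
    return 0;
}
```

The first sample collapses to `trunk/doc`, a path the user never typed, which is the mismatch described in the quoted list; the third is refused because there is nothing left to pop.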

This is an archived mail posted to the Subversion Dev mailing list.