Garrett Rooney writes:
> On 4/27/06, John Peacock <jpeacock@rowman.com> wrote:
> > Garrett Rooney wrote:
> > > I've got a patch to fix this by stripping comments from values in the
> > > config parser code, but I hesitate to change the behavior of this sort
> > > of thing since someone might depend on it. Does anyone want to tell
> > > me "you're being paranoid, this is insane, just commit it"?
> > >
> >
> > The config parser should be 100% responsible for stripping comments.
> > The consumer of the parsed configuration shouldn't have to worry about
> > anything except valid key/value pairs.
> >
> > /you're being paranoid, this is insane, just commit it/
>
> While I'd like to agree, there has been some disent about this point
> on IRC, I imagine someone with such an opinion will post here soon...
>
If we add comment stripping for values to the config parser, how would you add
a value with # characters?
"With some escaping mechanism."
Yes, but how would that mechanism work? Whatever we use will break backwards
compatibility. Personally, I think it was a mistake to not have a general
escaping mechanism in the config file in the first place, but that's
hard to undo now.
Also, I don't think we should add comment stripping in the authz code
(or whatever code that consumes config values), since then, to be
consistent, we should do it everywhere and then we face the same
escaping problem.
I think the solution to this problem is to validate the authz values
more strictly, only allowing legal flag characters. People can insert
their nice comments above the values.
Regards,
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Apr 27 20:46:25 2006