[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] validate MIME type correctly (was: Re: svn: MIME type 'text/x-c++' ends with non-alphanumeric) character

From: Stefan Sperling <stsp_at_elego.de>
Date: Sat, 26 Apr 2008 14:10:44 +0200

On Sat, Apr 26, 2008 at 01:34:22PM +0200, Alan Barrett wrote:
> On Sat, 26 Apr 2008, Stefan Sperling wrote:
> > Here it is. Now hopefully correctly checking the whole mime type
> > for illegal characters. This should conform to RFC 1521 if I
> > unterstood the RFC correctly.
>
> That looks fine to me,

Thanks.

> except I am not sure if you want to
> allow svn:mime_type="type/subtype ; parameter = value"

The code explicitly allows this. I don't know whether this
is good/bad, but I don't think we should break this since
it's probably being used in the wild somewhere.

Here's the whole (patched) function again for reference,
note the comment at the top:

svn_error_t *
svn_mime_type_validate(const char *mime_type, apr_pool_t *pool)
{
  /* Since svn:mime-type can actually contain a full content type
     specification, e.g., "text/html; charset=UTF-8", make sure we're
     only looking at the media type here. */
  const apr_size_t len = strcspn(mime_type, "; ");
  const char *const slash_pos = strchr(mime_type, '/');
  int i;
  const char *tspecials = "()<>@,;:\\\"/[]?=";

  if (len == 0)
    return svn_error_createf
      (SVN_ERR_BAD_MIME_TYPE, NULL,
       _("MIME type '%s' has empty media type"), mime_type);

  if (slash_pos == NULL || slash_pos >= &mime_type[len])
    return svn_error_createf
      (SVN_ERR_BAD_MIME_TYPE, NULL,
       _("MIME type '%s' does not contain '/'"), mime_type);

  /* Check the mime type for illegal characters. See RFC 1521. */
  for (i = 0; i < len; i++)
    {
      if (&mime_type[i] != slash_pos
          && (! apr_isascii(mime_type[i])
              || apr_iscntrl(mime_type[i])
              || apr_isspace(mime_type[i])
              || (strchr(tspecials, mime_type[i]) != NULL)))
        return svn_error_createf
          (SVN_ERR_BAD_MIME_TYPE, NULL,
           _("MIME type '%s' contains invalid character '%c'"),
           mime_type, mime_type[i]);
    }

  return SVN_NO_ERROR;
} 

-- 
Stefan Sperling <stsp_at_elego.de>                    Software Monkey
 
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
 
Store password unencrypted (yes/no)? No

  • application/pgp-signature attachment: stored
Received on 2008-04-26 14:10:03 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.