
BUG?: lock message isn't correctly escaped

From: Gnustavo <gnustavo_at_gmail.com>
Date: Fri, 29 Aug 2008 10:56:23 -0700 (PDT)

I'm using "SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2".

When I try to get a lock passing a message containing the characters
"<" and ">" I get a "BAD REQUEST (error 400)" message back.

I can obtain the same lock using the command "svn lock -m'<asdf>'
file" on the Linux command line.

Sniffing the HTTP transaction I saw that the '<' and '>' characters
were changed by the 'svn lock' command to their HTML equivalents of
"&lt;" and "&gt;". But the TortoiseSVN command didn't escape the
message and then the XML containing it ended up being malformed.

The actual HTTP message that I got from the sniffer is this:

------------------------------------------------------------
LOCK /path/tp/file HTTP/1.1
Host: svn
User-Agent: SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2
Connection: TE
TE: trailers
Depth: 0
Timeout: Infinite
Content-Type: text/xml; charset="utf-8"
X-SVN-Version-Name: 1057
Content-Length: 235
Authorization: Basic somerandomstring==

<?xml version="1.0" encoding="utf-8" ?><D:lockinfo xmlns:D="DAV:">
<D:lockscope><D:exclusive /></D:lockscope> <D:locktype><D:write /></
D:locktype> <D:owner>[#<n..mero do bug>][<nome do projeto]<coment..rio
livre></D:owner></D:lockinfo>
---------------------------------

The response began with a "HTTP/1.1 400 Bad Request". You can see that
the message inside the D:owner tag isn't properly escaped.

Isn't this a bug?

Gustavo.

BTW, I haven't tested with messages for other commands (commit, etc.)
so that I can't tell for sure that the same problem occurs there too.

Received on 2008-08-29 19:59:55 CEST
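
The failure described in the message above can be reproduced offline. The following is an added example, not part of the original post and not code from TortoiseSVN, Subversion or neon: it builds the same `D:lockinfo` body with and without escaping the owner text and parses both with a standard XML parser. The function names and the sample comments are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample with the same shape as the lock comment in the report.
SAMPLE_COMMENT = "[#<bug number>][<project name>]<free comment>"


def lockinfo_body(owner_text, escape_owner=True):
    """Build a WebDAV LOCK request body by string concatenation.

    With escape_owner=False the owner text is pasted in verbatim, which is
    the behaviour the captured request shows.
    """
    owner = escape(owner_text) if escape_owner else owner_text
    return (
        '<?xml version="1.0" encoding="utf-8" ?>'
        '<D:lockinfo xmlns:D="DAV:">'
        '<D:lockscope><D:exclusive /></D:lockscope>'
        '<D:locktype><D:write /></D:locktype>'
        '<D:owner>' + owner + '</D:owner>'
        '</D:lockinfo>'
    )


def parse_owner(body):
    """Parse the body as a receiving XML parser would.

    Returns the text found under D:owner, or None when the document is not
    well-formed (the case a server answers with 400 Bad Request).
    """
    try:
        root = ET.fromstring(body.encode("utf-8"))
    except ET.ParseError:
        return None
    owner = root.find("{DAV:}owner")
    if owner is None:
        return None
    return "".join(owner.itertext())


if __name__ == "__main__":
    for comment in (SAMPLE_COMMENT, "fix <b>now</b>"):
        raw = parse_owner(lockinfo_body(comment, escape_owner=False))
        safe = parse_owner(lockinfo_body(comment))
        print(repr(comment), "unescaped ->", repr(raw), "| escaped ->", repr(safe))
```

The second sample shows why a 400 is the better outcome: an unescaped comment that happens to be well-formed markup parses without error, and the owner text the server sees no longer matches what the user typed.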

This is an archived mail posted to the TortoiseSVN Users mailing list.
