On Tue, 3 Aug 2004, Greg Hudson wrote:
> On Tue, 2004-08-03 at 14:15, Shun-ichi GOTO wrote:
> > 1. When the encoding is failed, continue checking with shorter path
> > removing trailing element instead of giving up whole of searching.
>
> Yeah, so it would be possible to solve the problem by:
>
> * Making the svn_repos_find_root_path() detect encoding failures and
> continue, and:
>
I was looking at this. The problem is how to detect encoding errors.
Currently, we just return the APR error wrapped on recoding errors. Should
we introduce a special error code for recoding errors and wrap the APR
status in such an error?

> * Making svnserve's find_repos() use svn_path_join() instead of
> apr_filepath_merge(). To prevent the client from escaping from the
> repository root, we'd have to check for ".." path elements separately.
>
Would it be enough to check the URL path for "too many .. segments", i.e.
"foo/../bar" would be ok, but "foo/../.." would fail?

//Peter
Received on Wed Aug 4 00:06:02 2004
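
The "too many .. segments" check asked about in the message above, as an added example that is not part of the original message or of Subversion's code. The function name is hypothetical, and the path is assumed to be already URI-decoded, relative, and '/'-separated. The depth is checked after every segment, since a path such as "../foo" has a net depth of zero yet still leaves the root on its first step.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a Subversion or APR API.
   Returns 1 if no prefix of the relative path climbs above the
   directory it starts in, 0 otherwise. The check is purely lexical:
   it does not resolve symlinks on disk. */
int path_stays_under_root(const char *path)
{
    long depth = 0;              /* levels below the root so far */
    const char *p = path;

    while (*p != '\0') {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);

        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* empty segment ("//", leading or trailing '/') or ".":
               stays in the same directory */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return 0;        /* this ".." would step above the root */
            depth--;
        } else {
            depth++;             /* ordinary name, including "..." */
        }

        p += len;
        if (*p == '/')
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample paths; the first two are the ones from the message. */
    const char *samples[] = { "foo/../bar", "foo/../..", "../foo",
                              "foo/../../bar", "a//./b/.." };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i],
               path_stays_under_root(samples[i]) ? "ok" : "rejected");
    return 0;
}
```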