On Sat, 7 Aug 2004, Greg Hudson wrote:
> On Wed, 2004-08-04 at 17:33, Peter N. Lundblad wrote:
> > I've attached a patch that does this. This can be a security hole if not
> > done correctly, so would someone please review it. I couldn't juse
> > svn_path_is_backpath_present because it only checks for / as segment
> > separator, which isn't enough on Windows ofcourse.
>
> Hm. Would it be better to use svn_path_internal_style() to convert any
> local separators (there shouldn't be any, but of course we can't trust
> the client to honor that) and then use svn_path_is_backpath_present on
> the result?
>
I have been thinking more about this. The problem with your approach is
that it wouldn't allow \ in paths inside the repository on a Windows
serve, since they would be converted to slashes. This would be an
arbitrary limitation for a UNIX client. The problem is that we take the
rest of the repository path as the path inside the repository using
strlen. I don't think svn_path_internal_style just replaces characters
without insertion/deletion. As I maybe said earlier, I don't like this
nearly-duplication of code either...
Regards,
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Aug 11 22:36:52 2004