Missing XML escape in libsvn_ra_dav/fetch.c function "make_reporter"

From: Roland Ruedenauer <Roland.Ruedenauer_at_yellow-computing.de>
Date: 2004-09-22 11:58:53 CEST

The value of parameter "target" in function "make_reporter" (file
libsvn_ra_dav/fetch.c) needs to be xml escaped, when constructing
the DAV request.

Currently, if the filename in parameter "target" contains an
ampersand character, an invalid xml document will be sent to the
server.

>>>
  /* Pre-0.36 servers don't like to see an empty target string. */
  if (*target)
    {
      s = apr_psprintf(pool,
                       "<S:update-target>%s</S:update-target>",
                       target);
      SVN_ERR( svn_io_file_write_full(rb->tmpfile, s, strlen(s), NULL,
pool) );
    }
<<<

--
Roland Rüdenauer
____________
Virus checked by inet.yellow-computing.de
Version: AVK 15.0.149, 22.09.2004
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed Sep 22 19:04:04 2004

This message: [ Message body ]
Next message: raphael: "hardlinks in win2k"
Previous message: Jan Gruber: "default svnserve.conf"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]