[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r12904 - trunk/subversion/mod_dav_svn

From: Peter N. Lundblad <peter_at_famlundblad.se>
Date: 2005-02-04 08:31:15 CET

On Wed, 2 Feb 2005 cmpilato@tigris.org wrote:

> Author: cmpilato
> Date: Wed Feb 2 10:50:34 2005
> New Revision: 12904
>
> Log:
> A piece of issue #2199. Check paths entering Subversion via
> mod_dav_svn custom REPORT requests for canonicalization, erroring if
> they don't pass muster. (This was attempted once in r12738, reverted
> in r12903. This time I'm shrinking the scope to just mod_dav_svn.)
>
> * subversion/mod_dav_svn/dav_svn.h
> * subversion/mod_dav_svn/util.c
> (dav_svn__test_canonical): New.
>
...
> Modified: trunk/subversion/mod_dav_svn/util.c
> Url: http://svn.collab.net/viewcvs/svn/trunk/subversion/mod_dav_svn/util.c?view=diff&rev=12904&p1=trunk/subversion/mod_dav_svn/util.c&r1=12903&p2=trunk/subversion/mod_dav_svn/util.c&r2=12904
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/util.c (original)
> +++ trunk/subversion/mod_dav_svn/util.c Wed Feb 2 10:50:34 2005
> @@ -358,3 +358,25 @@
> return svn_error_create(SVN_ERR_APMOD_CONNECTION_ABORTED, 0, NULL);
> return SVN_NO_ERROR;
> }
> +
> +
> +/* ### Much of this is duplicated from libsvn_subr/path.c */
> +#define PATH_IS_PLATFORM_EMPTY(s,n) ((n) == 1 && (s)[0] == '.')
> +dav_error * dav_svn__test_canonical(const char *path, apr_pool_t *pool)
> +{
> + apr_size_t len = strlen(path);
> +
> + /* Is it canonical enough to not die in the path library? Return
> + error-free. */
> + if (! PATH_IS_PLATFORM_EMPTY(path, len)
> + && (len <= 1 || path[len-1] != '/'))
> + return NULL;
> +
> + /* Otherwise, generate a generic HTTP_BAD_REQUEST error. */
> + return dav_new_error_tag
> + (pool, HTTP_BAD_REQUEST, 0,
> + apr_psprintf(pool,
> + "Path '%s' is not canonicalized; "
> + "there is a problem with the client.", path),
> + SVN_DAV_ERROR_NAMESPACE, SVN_DAV_ERROR_TAG);
> +}
>
Would it be more maintainable to just run svn_path_canonicalize *and
compare* the result with the argument? That wouldn't cost much and you
already have a pool anyway.

Regards,
//Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Feb 4 08:31:44 2005

This is an archived mail posted to the Subversion Dev mailing list.