svn URL's with '..' elements

From: Chris Pickett <chris.pickett_at_mail.mcgill.ca>
Date: 2005-02-23 00:44:52 CET

Hi,

sussman on #svn asked me to bring this up here.

I have three versions of svn installed on various machines, 1.0.4,
1.1.1, and 1.1.3.

Under 1.0.4 I can do:

$ svn ls svn://svn.sablevm.org/sablevm/..
archives/
developers/
libffi/
sablecc/
sablecc-ant-task/
sablecc-grammars/
sablejit/
sablevm/
sablevm-classpath/
sablevm-test-suite/
websites/

but under 1.1.1 and 1.1.3 I get:

$ svn ls svn://svn.sablevm.org/sablevm/..
svn: URL 'svn://svn.sablevm.org/sablevm/..' contains a '..' element

sussman was incredulous about this, saying that for some reason in 1.0
'..' is being accepted deeper in the code, but that validation of URL's
in 1.1 is rejected the command.

Personally, I used this accidental feature a lot, because I would often
use an exported bash variable to save typing, and then simply append /..
to it, e.g.:

$ svn log $STAGING/..

instead of

$ svn log svn+ssh://svn.sablevm.org/public/sablevm/branches/staging/..

so ... I guess this mail serves two purposes:

1) bring this to your attention
2) request that you allow for '..' in a URL again if it isn't a security
hole

I'm not sure what version of svn is running on the server, but I can
find out if you want.

Cheers,
Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 23 00:46:31 2005

This message: [ Message body ]
Next message: Walter Nicholls: "Re: [Locking] commits and unlock (revisited)"
Previous message: kfogel_at_collab.net: "Re: Sorted output from Subversion commands"
Next in thread: Ben Reser: "Re: svn URL's with '..' elements"
Reply: Ben Reser: "Re: svn URL's with '..' elements"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]