
[PATCH] Fix ":" path name issues and cross-site security in mod_dav_svn

From: Michael Sinz <Michael.Sinz_at_sinz.org>
Date: 2005-11-12 04:29:19 CET

This is a reminder about issue #2423 which describes a problem with mod_dav_svn
and file/path names with ":" in them.

This should (IMHO) be a candidate for 1.3.x backport (and 1.2.x?) due to both
the security/privacy issue and the fact that the fix is rather simple.

See <http://svn.haxx.se/dev/archive-2005-11/0224.shtml> and the patch at
<http://subversion.tigris.org/nonav/issues/showattachment.cgi/518/svn-colon.patch>

-- 
Michael Sinz                     Technology and Engineering Director/Consultant
"Starting Startups"                                mailto:michael.sinz@sinz.org
My place on the web                            http://www.sinz.org/Michael.Sinz

[[[
Fix mod_dav_svn such that files and directories with ":" in their names are
correctly escaped when returned in the HTML and XML output. Without this fix
the links to those files and directories are invalid.

* subversion/mod_dav_svn/repos.c
   (dav_svn_deliver): When escaping the href use ap_os_escape_path( , , 0) which
     will prepend "./" to the href if there is a ":" before the first "/" rather
     than using ap_escape_uri() which does not do the prepending.
]]]

Index: subversion/mod_dav_svn/repos.c
===================================================================
--- subversion/mod_dav_svn/repos.c (revision 16897)
+++ subversion/mod_dav_svn/repos.c (working copy)
@@ -2458,7 +2458,7 @@
         /* We quote special characters in both XML and HTML. */
         name = apr_xml_quote_string(entry_pool, name, !gen_html);
 
- href = ap_escape_uri(entry_pool, href);
+ href = ap_os_escape_path(entry_pool, href, 0);
         href = apr_xml_quote_string(entry_pool, href, 1);
 
         if (gen_html)
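
Review bot: The new call `ap_os_escape_path(entry_pool, href, 0)` has no comment saying why the third argument must be 0, and the existing comment above it only covers the XML/HTML quoting. According to the log message, the 0 is what causes "./" to be prepended when a ":" appears before the first "/", so a one-line comment here saying that (and that `ap_escape_uri()` does not do this) would keep a later cleanup from switching back. The patch touches only repos.c, so it would also help to add a regression test that lists a directory containing an entry with ":" in its name and checks the generated href in both the HTML and XML output.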

Received on Sat Nov 12 04:30:25 2005

This is an archived mail posted to the Subversion Dev mailing list.
