This is a reminder about issue #2423 which describes a problem with mod_dav_svn
and file/path names with ":" in them.
This should (IMHO) be a candidate for 1.3.x backport (and 1.2.x?) due to both
the security/privacy issue and the fact that the fix is rather simple.
See <http://svn.haxx.se/dev/archive-2005-11/0224.shtml> and the patch at
<http://subversion.tigris.org/nonav/issues/showattachment.cgi/518/svn-colon.patch>
--
Michael Sinz Technology and Engineering Director/Consultant
"Starting Startups" mailto:michael.sinz@sinz.org
My place on the web http://www.sinz.org/Michael.Sinz
[[[
Fix mod_dav_svn such that files and directories with ":" in their names are
correctly escaped when returned in the HTML and XML output. Without this fix
the links to those files and directories are invalid.
* subversion/mod_dav_svn/repos.c
  (dav_svn_deliver): When escaping the href use ap_os_escape_path( , , 0) which
  will prepend "./" to the href if there is a ":" before the first "/" rather
  than using ap_escape_uri() which does not do the prepending.
]]]
Index: subversion/mod_dav_svn/repos.c
===================================================================
--- subversion/mod_dav_svn/repos.c (revision 16897)
+++ subversion/mod_dav_svn/repos.c (working copy)
@@ -2458,7 +2458,7 @@
/* We quote special characters in both XML and HTML. */
name = apr_xml_quote_string(entry_pool, name, !gen_html);
- href = ap_escape_uri(entry_pool, href);
+ href = ap_os_escape_path(entry_pool, href, 0);
href = apr_xml_quote_string(entry_pool, href, 1);
if (gen_html)
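Review bot: the new line "href = ap_os_escape_path(entry_pool, href, 0);" has no comment explaining why it is used instead of ap_escape_uri(), and the existing comment above it ("We quote special characters in both XML and HTML") does not cover the difference. The reason is stated only in the log message (the "./" prefix when a ":" comes before the first "/"), so a later cleanup could switch the call back without noticing the regression. Suggest a short comment at that line saying so, plus a regression test that lists an entry with ":" in its name and checks the href that is generated for it.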
Received on Sat Nov 12 04:30:25 2005
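
Why the "./" prefix in the log message matters, as an added example that is not part of the original message or of the Subversion or httpd code: a relative reference whose first segment contains ":" is read as having a URI scheme (RFC 3986, section 4.2), so the link no longer resolves under the directory being listed. `escape_href` is a hypothetical stand-in for the two behaviours the log message contrasts, and the base URL and entry names are constructed.

```python
from urllib.parse import quote, urljoin

# Constructed URL of a directory listing (assumption, not from the message).
BASE = "http://svn.example.org/repos/trunk/docs/"


def escape_href(name: str, guard_colon: bool) -> str:
    """Percent-encode a repository entry name for use as a relative href.

    Hypothetical stand-in, not the httpd implementation:
    guard_colon=False only escapes; guard_colon=True also prepends "./"
    when a ":" occurs before the first "/".
    """
    href = quote(name, safe="/:")  # ":" is legal in a path, so it stays literal
    colon, slash = href.find(":"), href.find("/")
    if guard_colon and colon != -1 and (slash == -1 or colon < slash):
        href = "./" + href
    return href


def resolve(name: str, guard_colon: bool) -> str:
    """Resolve the generated href against the listing URL, as a client would."""
    return urljoin(BASE, escape_href(name, guard_colon))


def stays_in_listing(name: str, guard_colon: bool) -> bool:
    """True when the link still points below the directory being listed."""
    return resolve(name, guard_colon).startswith(BASE)


if __name__ == "__main__":
    # Constructed entry names: plain, colon in first segment, colon after a "/".
    for entry in ["notes.txt", "meeting:2005-11.txt", "sub/dir:x"]:
        for guard in (False, True):
            print(f"{entry!r:24} guard={guard!s:5} -> {resolve(entry, guard)}")
```

Without the guard, "meeting:2005-11.txt" resolves to itself as an absolute reference with scheme "meeting"; a colon that appears after the first "/" is unaffected either way.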