[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r23803 - trunk/subversion/mod_dav_svn

From: Erik Huelsmann <ehuels_at_gmail.com>
Date: 2007-03-14 12:40:14 CET

David,

The log says 'Branch: artem-soc-work', but the subject says 'trunk'.

Which is which and what were you trying?

bye,

Erik.

On 3/14/07, djames@tigris.org <djames@tigris.org> wrote:
> Author: djames
> Date: Tue Mar 13 20:47:35 2007
> New Revision: 23803
>
> Log:
> Fix two security holes introduced on the artem-soc-work branch.
>
> * subversion/mod_dav_svn/repos.c
> (copy_resource, move_resource): MOVE and COPY require recursive
> write access to the destination resource.
>
> Branch: artem-soc-work
>
>
>
> Modified:
> trunk/subversion/mod_dav_svn/repos.c
>
> Modified: trunk/subversion/mod_dav_svn/repos.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_dav_svn/repos.c?pathrev=23803&r1=23802&r2=23803
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/repos.c (original)
> +++ trunk/subversion/mod_dav_svn/repos.c Tue Mar 13 20:47:35 2007
> @@ -3123,15 +3123,16 @@
> "autoversioning is not active.");
>
> /* Path-based authorization: COPY requires recursive read access
> - * to the source resource and write access to the destination resource.
> - * XXX: recursive write access?
> + * to the source resource and recursive write access to the
> + * destination resource.
> */
> err = dav_svn__check_resource_access(src,
> svn_authz_read | svn_authz_recursive);
> if (err)
> return err;
>
> - err = dav_svn__check_resource_access(dst, svn_authz_write);
> + err = dav_svn__check_resource_access(dst,
> + svn_authz_write | svn_authz_recursive);
> if (err)
> return err;
>
> @@ -3349,15 +3350,16 @@
> "autoversioning must be active.");
>
> /* Path-based authorization: MOVE requires recursive write access
> - * to source resource and write access to destinaton resource.
> - * XXX: recursive write access?
> + * to the source resource and recursive write access to the
> + * destinaton resource.
> */
> err = dav_svn__check_resource_access(src,
> svn_authz_write | svn_authz_recursive);
> if (err)
> return err;
>
> - err = dav_svn__check_resource_access(dst, svn_authz_write);
> + err = dav_svn__check_resource_access(dst,
> + svn_authz_write | svn_authz_recursive);
> if (err)
> return err;
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svn-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: svn-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 14 12:40:29 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.