Re: Bug: committers can set arbitrary HTTP Headers on any file

From: David Glasser <glasser_at_davidglasser.net>
Date: 2007-08-13 05:53:38 CEST

On 8/10/07, Brian W. Fitzpatrick <fitz@red-bean.com> wrote:
> On 8/10/07, David Glasser <glasser@davidglasser.net> wrote:
> > On 8/10/07, Brian W. Fitzpatrick <fitz@red-bean.com> wrote:
> > > Summary: by providing a multi-line value for the svn:mime-type
> > > property, you can add arbitrary headers to any mod_dav_svn response
> > > for a file in a Subversion repository
> >
> > Should we also report this to Apache HTTPD as a bug in ap_set_content_type?
>
> What should the behavior be if it gets a multiline value? I'm inclined
> to just own this one...

Well, I certainly think we should fix it ourselves, since even if it's
an Apache bug we wouldn't necessarily require the newest version. I
don't know how Apache HTTPD does error handling and the like, so I'm
not sure what its behavior should be.

--dave

-- 
David Glasser | glasser_at_davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Aug 13 05:51:38 2007

This message: [ Message body ]
Next message: Senthil Kumaran S: "[PATCH] Refactor code for --auto-props and --no-auto-props mutual exclusion"
Previous message: Brian W. Fitzpatrick: "Re: Bug: committers can set arbitrary HTTP Headers on any file"
In reply to: Brian W. Fitzpatrick: "Re: Bug: committers can set arbitrary HTTP Headers on any file"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]