[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Bug: committers can set arbitrary HTTP Headers on any file

From: David Glasser <glasser_at_davidglasser.net>
Date: 2007-08-13 05:53:38 CEST

On 8/10/07, Brian W. Fitzpatrick <fitz@red-bean.com> wrote:
> On 8/10/07, David Glasser <glasser@davidglasser.net> wrote:
> > On 8/10/07, Brian W. Fitzpatrick <fitz@red-bean.com> wrote:
> > > Summary: by providing a multi-line value for the svn:mime-type
> > > property, you can add arbitrary headers to any mod_dav_svn response
> > > for a file in a Subversion repository
> >
> > Should we also report this to Apache HTTPD as a bug in ap_set_content_type?
>
> What should the behavior be if it gets a multiline value? I'm inclined
> to just own this one...

Well, I certainly think we should fix it ourselves, since even if it's
an Apache bug we wouldn't necessarily require the newest version. I
don't know how Apache HTTPD does error handling and the like, so I'm
not sure what its behavior should be.

--dave

-- 
David Glasser | glasser_at_davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Aug 13 05:51:38 2007

This is an archived mail posted to the Subversion Dev mailing list.