Re: [PATCH] Make mod_authz_svn to apply the authz checks against upper/lowercased usernames

From: Daniel L. Rall <dlr_at_finemaltcoding.com>
Date: Thu, 13 Mar 2008 15:51:07 -0800

On Thu, 13 Mar 2008, David Glasser wrote:

> 2008/3/7 Kamesh Jayachandran <kamesh_at_collab.net>:
...
> > +static char* get_username_to_authorize(request_rec *r,
> > + authz_svn_config_rec *conf)
> > +{
> > + char *username_to_authorize = r->user;
> > + if (conf->usernamecase) {
> > + username_to_authorize = apr_pstrdup(r->pool, r->user);
> > + if (strcasecmp(conf->usernamecase, "upper") == 0)
> > + convert_to_uppercase_string(username_to_authorize);
> > + else
> > + convert_to_lowercase_string(username_to_authorize);
>
> Maybe check (perhaps somewhere else) that the given option is really
> upper or lower? Silently accepting, say, "uppercase" as "lower" can
> be confusing.

I had the same thought when looking through this originally, but forgot to
mention it.

Garbage values shouldn't perform any conversion, and should log an error.
Or, cause a config file parse failure.

application/pgp-signature attachment: stored

Received on 2008-03-14 00:49:57 CET

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: Show all options for conflict resolution"
Previous message: Blair Zajac: "Show all options for conflict resolution"
In reply to: David Glasser: "Re: [PATCH] Make mod_authz_svn to apply the authz checks against upper/lowercased usernames"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]