[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Make mod_authz_svn to apply the authz checks against upper/lowercased usernames

From: Daniel L. Rall <dlr_at_finemaltcoding.com>
Date: Thu, 13 Mar 2008 15:51:07 -0800

On Thu, 13 Mar 2008, David Glasser wrote:

> 2008/3/7 Kamesh Jayachandran <kamesh_at_collab.net>:
...
> > +static char* get_username_to_authorize(request_rec *r,
> > + authz_svn_config_rec *conf)
> > +{
> > + char *username_to_authorize = r->user;
> > + if (conf->usernamecase) {
> > + username_to_authorize = apr_pstrdup(r->pool, r->user);
> > + if (strcasecmp(conf->usernamecase, "upper") == 0)
> > + convert_to_uppercase_string(username_to_authorize);
> > + else
> > + convert_to_lowercase_string(username_to_authorize);
>
> Maybe check (perhaps somewhere else) that the given option is really
> upper or lower? Silently accepting, say, "uppercase" as "lower" can
> be confusing.

I had the same thought when looking through this originally, but forgot to
mention it.

Garbage values shouldn't perform any conversion, and should log an error.
Or, cause a config file parse failure.

  • application/pgp-signature attachment: stored
Received on 2008-03-14 00:49:57 CET

This is an archived mail posted to the Subversion Dev mailing list.