[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Double-XML escape bug in svn log --xml -v

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Tue, 09 Sep 2008 22:07:42 -0400

<Jeffrey.Klein_at_priorityhealth.com> writes:
> We just had a problem with the XML output of svn log ?xml -v. When the
> copyfrom-path
> contains an XML special character, it gets XML encoded twice:
>
> <paths>
> <path
> action="D">/project/Jeff's File</path>
> <path
> copyfrom-path="/project/Jeff&amp;apos;s File"
> copyfrom-rev="47"
> action="A">/project/Dave's File</path>
> </paths>
> <msg>This is Dave's now.
> </msg>
>
> In svn/svn-log.c, log_entry_receiver_xml() calls svn_xml_escape_attr_cstring()
> and passes the result to svn_xml_make_open_tag(), but that function already
> escapes any attribute values.
>
> Is this documented|known|desired behavior? If not, would fixing it break
> anything else?

Definitely undesirable, and thank you for tracing the problem into the
code. I'm testing the patch below right now; if it passes the
regression tests, I'll commit it.

[[[
* subversion/svn/log-cmd.c
  (log_entry_receiver_xml): Don't double-escape the copyfrom_path;
    svn_xml_make_open_tag will escape it anyway.

Found by: Jeffrey Klein <Jeffrey.Klein_at_priorityhealth.com>
(He not only reported the bug, but located the problem in the code.)
]]]

Index: subversion/svn/log-cmd.c
===================================================================
--- subversion/svn/log-cmd.c (revision 33010)
+++ subversion/svn/log-cmd.c (working copy)
@@ -381,14 +381,11 @@
               && SVN_IS_VALID_REVNUM(log_item->copyfrom_rev))
             {
               /* <path action="X" copyfrom-path="xxx" copyfrom-rev="xxx"> */
- svn_stringbuf_t *escpath = svn_stringbuf_create("", pool);
- svn_xml_escape_attr_cstring(&escpath,
- log_item->copyfrom_path, pool);
               revstr = apr_psprintf(pool, "%ld",
                                     log_item->copyfrom_rev);
               svn_xml_make_open_tag(&sb, pool, svn_xml_protect_pcdata, "path",
                                     "action", action,
- "copyfrom-path", escpath->data,
+ "copyfrom-path", log_item->copyfrom_path,
                                     "copyfrom-rev", revstr, NULL);
             }
           else

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-09-10 04:08:09 CEST

This is an archived mail posted to the Subversion Dev mailing list.