kmradke_at_rockwellcollins.com wrote on Thu, 2 Apr 2009 at 17:18 -0500:
> After posting on users, I have now verified that lock messages
> are not correctly xml escaped over neon in both svn 1.5 and 1.6.
>
>
> svn lock http://server/repo/path/to/file.txt -m"Lock & load"
>
> fails with error:
>
> svn: Server sent unexpected return value (400 Bad Request) in response to
> LOCK request for '/repo/path/to/file.txt'
>
> Looking at the xml sent from the client to the server it is obviously not
> escaped:
>
> <?xml version="1.0" encoding="utf-8" ?><D:lockinfo xmlns:D="DAV:">
> <D:lockscope><D:exclusive /></D:lockscope> <D:locktype><D:write
> /></D:locktype> <D:owner>Lock & load</D:owner></D:lockinfo>
>
> "&" should be replaced with "&"
>
> Line 411 of libsvn_client/locking_commands.c is checking to make
> sure the comment doesn't contain non-xml escapable characters, but
> isn't escaping the string.
FWIW, same in svn_ra_lock() in ra_loader.c.
> I'm not sure if it should (since not all ra layers will probably need
> the comment xml escaped.)
>
> Is the proper place to xml escape this around line 274
> of libsvn_ra_neon/lock.c? (And possibly somewhere in the other
> ra layers?)
>
Agreed. +1 to fixing it in libsvn_ra_neon/lock.c (in
svn_ra_neon__lock() or one of its helpers).
> (This seems like a trivial fix, so I'm not offended if someone
> else beats me to a patch...)
>
Agreed...
Daniel
> Thanks!
> Kevin R.
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1525355
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1560403
Received on 2009-04-06 12:15:26 CEST