On Tue, Oct 13, 2009 at 7:49 PM, Julian Foad <julianfoad_at_btopenworld.com> wrote:
> Bert Huijben wrote:
>> > -----Original Message-----
>> > From: Ivan Zhakov [mailto:ivan_at_visualsvn.com]
>> > Using full URLs like protocol://server/repo/path instead of session
>> > relative path will be ideal solution. Another way is support both full
>> > URLs and repository relative paths.
>>
>> One of the nice things of using just relative paths and not full urls
>> is that we can leave all encoding issues (especially over http/https)
>> to the ra layer implementations.
>>
>> It is very hard to escape special characters everywhere, and that is
>> precisely what most of our current full uri apis require. Everywhere
>> where we forget the escaping, we have a potential security issue.
>>
Agreed. But changing *all* code to work with unescaped urls will be
huge amount of job.
>> The new libsvn_wc code will not handle full uris internally. Only a
>> repository root and paths relative from this root.
>>
>> Everywhere we need a full url, we can perform a single
>> svn_path_url_add_component2() to handle the escaping of the relative
>> path in one place. Forcing escaped uris through all of the code is not
>> something I would like. (I fixed at least 5 or 6 issues caused by
>> wrong escaping in the 1.5.X branch; and there are more open reports of
>> similar issues that haven't been researched yet)
>
> +1 to what Bert says.
>
> I think we should in most cases be using a repository or session
> "object" that knows its root URL.
>
I'm fine to use unescaped repository relative paths instead of
proposed full urls in RA API. Especially if wc-ng code use them
internally. Full urls was just an idea. What I really like to
eliminate is session relative path.
Btw we had to use full URLs at least in svn_ra_open3().
--
Ivan Zhakov
VisualSVN Team
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2407172
Received on 2009-10-13 23:47:55 CEST