[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

mod_dav_svn not XML-escaping hook error messages

From: Jon Foster <Jon.Foster_at_cabot.co.uk>
Date: Mon, 14 Dec 2009 13:20:58 -0000

Hi,

I'd like to report a problem with mod_dav_svn and repository
hooks. I had a bug in my post-revprop-change script, but all I
saw was:

> $ svn propedit --revprop -r 19 svn:log
> svn: DAV request failed; it's possible that the repository's
> pre-revprop-change hook either failed or is non-existent
> svn: At least one property change failed; repository is unchanged
> svn: XML data was not well-formed

It seems that mod_dav_svn doesn't escape special XML characters like
"<" and ">" in the error messages from hook scripts. This causes
corrupt XML to be sent across the wire. Here's a Wireshark capture
of the response to the PROPPATCH:

--- START WIRESHARK CAPTURE ---
HTTP/1.1 207 Multi-Status
Date: Mon, 14 Dec 2009 12:42:10 GMT
Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.6.6 mod_ssl/2.2.9
OpenSSL/0.9.8g
Content-Length: 773
Content-Type: text/xml; charset="utf-8"

<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:"
xmlns:ns3="http://subversion.tigris.org/xmlns/dav/"
xmlns:ns2="http://subversion.tigris.org/xmlns/custom/"
xmlns:ns1="http://subversion.tigris.org/xmlns/svn/"
xmlns:ns0="DAV:">
<D:response>
<D:href>/svn/kenny/!svn/bln/19</D:href>
<D:propstat>
<D:prop><ns1:log/>
</D:prop>
<D:status>HTTP/1.1 500 (status)</D:status>
<D:responsedescription>
post-revprop-change hook failed (exit code 1) with output:
Traceback (most recent call last):
  File "/srv/svn/kenny/hooks/post_revprop_change.py", line 9, in
<module>
    from some_module import some_function
ImportError: cannot import name some_function
</D:responsedescription>
</D:propstat>
</D:response>
</D:multistatus>
--- END WIRESHARK CAPTURE ---

The "<module>" part is invalid XML; but shouldn't mod_dav or
mod_dav_svn be escaping this?

This seems to have been reported previously (with the "&"
character not being escaped):

http://svn.haxx.se/users/archive-2007-05/0016.shtml

But I can't see it in the bug tracker.

I'm using Subversion 1.6.6 compiled from source, and the Apache
package provided by Debian.

Kind regards,

Jon

**********************************************************************
This email and its attachments may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Cabot Communications Ltd.

If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone.

Cabot Communications Limited
Verona House, Filwood Road, Bristol BS16 3RY, UK
+44 (0) 1179584232

Co. Registered in England number 02817269

Please contact the sender if you believe you have received this email in error.

**********************************************************************

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
Received on 2009-12-14 14:21:31 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.