kameshj_at_apache.org wrote:
> Author: kameshj
> Date: Mon Apr 12 11:26:28 2010
> New Revision: 933194
>
> URL: http://svn.apache.org/viewvc?rev=933194&view=rev
> Log:
> [issue2753] Fix issue 2753.
>
> Relax requests aimed at the repo Parent path from authz control.
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (create_authz_svn_dir_config): Canonicalize conf->base_path.
> (req_check_access): When canonicalized 'uri' and 'conf->base_path' are same
> allow the request.
> (access_checker, check_user_id, auth_checker):
> Initialize repos_path to 'NULL' otherwise it can point
> to stray values when req_check_access relaxes certain requests without
> initialising the out parameters.
In a perfect world, I would expect that requests to the parent directory
would not be authz-denied, but that each repository in the listing of
repositories would be authz-checked against the authz configuration. In
other words, say I have a parent-path with three repositories: calc, watch,
lamp. And say I have an authz file like so:
[lamp:/]
* =
I would expect that a request to the parent directory would yield a listing
that included the 'calc' and 'watch' repositories, but not the 'lamp' one.
Is that the case?
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2010-04-12 16:19:46 CEST