[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1533392 - in /subversion/trunk/subversion: libsvn_client/list.c libsvn_ra_svn/client.c

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Fri, 18 Oct 2013 17:39:23 +0100

"Bert Huijben" <bert_at_qqmail.nl> writes:

>> --- subversion/trunk/subversion/libsvn_ra_svn/client.c (original)
>> +++ subversion/trunk/subversion/libsvn_ra_svn/client.c Fri Oct 18 11:22:21
>> 2013
>> @@ -1340,7 +1340,7 @@ static svn_error_t *ra_svn_get_dir(svn_r
>> SVN_ERR(svn_ra_svn__parse_tuple(elt->u.list, pool, "cwnbr(?c)(?c)",
>> &name, &kind, &size, &has_props,
>> &crev, &cdate, &cauthor));
>> - name = svn_relpath_canonicalize(name, pool);
>> +
>
> Then most likely there is a difference between implementation and
> documentation
>
> svn ls -R path
>
> will use this function with deeper names.
>
> See list.c get_dir_contents(), which calls itself recursively with
> longer and longer components.
>
> And I'm pretty sure there are also third party clients that use this
> feature via their own usage of the ra layer.

Even if the docs and current implementation always provide a single
component we should still either canonicalize, or check and raise an
error, to defend against against misbehaving or malicious servers.

-- 
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*
Received on 2013-10-18 18:39:59 CEST

This is an archived mail posted to the Subversion Dev mailing list.