[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

missing URI encoding in D:href in PROPFIND responses by dav_svn

From: Stephane Chazelas <stephane.chazelas_at_gmail.com>
Date: Wed, 26 Feb 2014 13:18:36 +0000

With apache 2.4.7 and subversion 1.8.8 (as in the not-yet-released ubuntu 14.04
as of today), we see PROPFIND responses that have:


  PROPFIND /svn/ HTTP/1.1
  User-Agent: cadaver/0.23.3 neon/0.29.1
  <?xml version="1.0" encoding="utf-8"?>
  <propfind xmlns="DAV:"><prop>
  <getcontentlength xmlns="DAV:"/>
  <getlastmodified xmlns="DAV:"/>
  <executable xmlns="http://apache.org/dav/props/"/>
  <resourcetype xmlns="DAV:"/>
  <checked-in xmlns="DAV:"/>
  <checked-out xmlns="DAV:"/>


  HTTP/1.1 207 Multi-Status
  Date: Wed, 26 Feb 2014 08:40:23 GMT
  Server: Apache/2.4.7 (Ubuntu)
  Content-Length: 2549
  Content-Type: text/xml; charset="utf-8"

  <?xml version="1.0" encoding="utf-8"?>
  <D:multistatus xmlns:D="DAV:" xmlns:ns1="http://apache.org/dav/props/" xmlns:ns0="DAV:">
  <D:response xmlns:lp1="DAV:" xmlns:lp3="http://subversion.tigris.org/xmlns/dav/" xmlns:g0="http://apache.org/dav/props/" xmlns:g1="DAV:">
⇨ <D:href>/svn/a>b</D:href>
  <D:response xmlns:lp1="DAV:" xmlns:lp3="http://subversion.tigris.org/xmlns/dav/" xmlns:g0="DAV:" xmlns:g1="http://apache.org/dav/props/">
⇨ <D:href>/svn/A B/</D:href>
  <D:response xmlns:lp1="DAV:" xmlns:lp3="http://subversion.tigris.org/xmlns/dav/" xmlns:g0="http://apache.org/dav/props/" xmlns:g1="DAV:">
⇨ <D:href>/svn/%2F</D:href>

Those are files called "a>b", "A B" and "%2F" stored in the repository. The <D:href> should have been encoded to:

⇨ <D:href>/svn/a%3Eb</D:href>
⇨ <D:href>/svn/A%20B/</D:href>
⇨ <D:href>/svn/%252F</D:href>

and cause the clients to fail to parse the response properly.

Newer subversion clients no longer use PROPFIND, but that bug
can be seen when using older subversion clients (like 1.6.17) or
using other DAV clients (like cadaver above).

dav_fs doesn't have the same problem. I suspect the bug was introduced by the fix to
https://issues.apache.org/bugzilla/show_bug.cgi?id=55397 which
no longer encodes URIs coming from the provider

To reproduce:

On a Ubuntu 14.04 test machine:

apt-get install apache2 subversion libapache2-mod-svn
a2enmod dav_svn
svnadmin create /srv/svn
chown -R www-data: /srv/svn
cat > /etc/apache2/mods-available/dav_svn.conf << EOF
<Location /svn>
  DAV svn
  SVNPath /srv/svn
service apache2 restart

Populate the repository with:

svn co http://server/svn test
cd test
echo test > 'A B'
svn add 'A B'
svn ci -m m


telnet server 80
PROPFIND /svn/A%20B HTTP/1.1
Host: server
Connection: close

(or use cadaver or other DAV client, or svn log 'A B' with a 1.6 client).

Additional information:

That bug was raised at ubuntu at:

https://issues.apache.org/bugzilla/show_bug.cgi?id=55397 is a
followup on

whose fix itself had broken earlier versions of dav_svn by causing
Location headers to be URI-encoded twice (which you can observe
by doing a CHECKOUT with a subversion client 1.6.17 on a ubuntu
13.10 server (apache 2.4.6 with dav_svn 1.7.9) on a filename
with spaces).

I could be that that still applies in svn 1.8.8 with apache 2.4.7 but I could
not test it because of the other bug (the one I'm reporting here) which
triggers sooner so the CHECKOUT is never sent by the client.

Best regards,
Received on 2014-02-26 22:52:07 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.