[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.7 checkout dialog open to clipboard injection

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Fri, 12 Aug 2011 17:11:40 +0200

On 12.08.2011 13:39, Stein Somers wrote:
> When opening the checkout dialog on a non-empty folder (to check out
> into a new subfolder), I was surprised to see gibberish entered into
> the url and directory fields. After some experiments, I think that if
> your clipboard contains text starting with a word of at least two
> letters directly followed by a colon, e.g. "am:pm" (without quotes),
> the complete clipboard is pasted as value of both the url and
> directory fields. Maybe this is intended to make it easier to check
> out a URL in your clipboard, but then I don't understand why the
> complete URL is proposed as directory - the dialog itself says that
> colon is not a valid part of a filename (on Windows). If it is
> intended, it should be a little more strict on what it considers to
> be a URL. I don't know where the border is, but if the clipboard
> happens to contain megabytes of lines of text that start with "Error:
> ", it's not meant as a URL...

Improved the url check in r21824.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2817270
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-08-12 17:12:11 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.