[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Issue links in commit log

From: Cosmin Pirvu <cosmin.pirvu_at_asitrack.com>
Date: Thu, 06 Feb 2014 00:11:19 +0100

On 2/5/2014 23:13, Ben Fritz wrote:
> On Wed, Feb 5, 2014 at 6:19 AM, Cosmin Pirvu <cosmin.pirvu_at_asitrack.com> wrote:
>> Hi guys,
>>
>> I'm trying to integrate a custom issue tracker with tortoisesvn. My
>> bugtraq:url looks something like this:
>>
>> file:///C:\Issues\tracker.exe%20%BUGID%
>>
> Let me rephrase your question:
>
> "Is there a property I can set in my SVN repository, that allows me to
> run an arbitrary executable on a user's file system when they click on
> the bug tracker link?"
>
> I really, really hope the answer to that question is "no".
>
> What if your bug tracker URL looked something like this?
>
> file:///C:\Windows\System32\cmd.exe%20-c%20format%20C:&REM%20%BUGID%
>
> Or this?
>
> file:///C:\Malware\email_credit_card_info.exe&REM%20%BUGID%

It's not an arbitrary executable, it's an issue tracker. That's the
whole point. Not all issue trackers are web apps.

Also, the bugtraq properties need to be set manually. You have to set
that URL yourself, it cannot be done automatically. So your security
concerns are unfounded.

Anyway, it looks like tortoisesvn doesn't handle the "file://" protocol
separately. So it basically supports only web apps.

Cosmin

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3072586

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-02-06 00:11:28 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.