On 2/5/2014 23:13, Ben Fritz wrote:
> On Wed, Feb 5, 2014 at 6:19 AM, Cosmin Pirvu <cosmin.pirvu_at_asitrack.com> wrote:
>> Hi guys,
>>
>> I'm trying to integrate a custom issue tracker with tortoisesvn. My
>> bugtraq:url looks something like this:
>>
>> file:///C:\Issues\tracker.exe%20%BUGID%
>>
> Let me rephrase your question:
>
> "Is there a property I can set in my SVN repository, that allows me to
> run an arbitrary executable on a user's file system when they click on
> the bug tracker link?"
>
> I really, really hope the answer to that question is "no".
>
> What if your bug tracker URL looked something like this?
>
> file:///C:\Windows\System32\cmd.exe%20-c%20format%20C:&REM%20%BUGID%
>
> Or this?
>
> file:///C:\Malware\email_credit_card_info.exe&REM%20%BUGID%
It's not an arbitrary executable, it's an issue tracker. That's the
whole point. Not all issue trackers are web apps.
Also, the bugtraq properties need to be set manually. You have to set
that URL yourself, it cannot be done automatically. So your security
concerns are unfounded.
Anyway, it looks like tortoisesvn doesn't handle the "file://" protocol
separately. So it basically supports only web apps.
Cosmin
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3072586
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-02-06 00:11:28 CET