[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

BUG?: lock message isn't correctly escaped

From: Gustavo Leite de Mendonça Chaves <gustavo_at_gnustavo.com>
Date: Mon, 1 Sep 2008 08:22:49 -0300

I'm using "SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2" and
"CollabNetSubversion-client-1.5.1-5.win32.exe" on a Windows XP machine.

When I try to get a lock passing a message containing the characters
"<" and ">" I get a "BAD REQUEST (error 400)" message back.
The problem occurs with TortoiseSVN and with the command line command.

I can obtain the same lock using the command "svn lock -m'<asdf>'
file" on the Linux command line.

Sniffing the HTTP transaction I saw that the '<' and '>' characters
were changed by the 'svn lock' command on Linux to their HTML
equivalents of "&lt;" and "&gt;". But the Windows commands
didn't escape the message and then the XML containing it ended
being malformed.

The actual HTTP message that I got from the sniffer is this:

------------------------------------------------------------
LOCK /path/tp/file HTTP/1.1
Host: svn
User-Agent: SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2
Connection: TE
TE: trailers
Depth: 0
Timeout: Infinite
Content-Type: text/xml; charset="utf-8"
X-SVN-Version-Name: 1057
Content-Length: 235
Authorization: Basic somerandomstring==

<?xml version="1.0" encoding="utf-8" ?><D:lockinfo xmlns:D="DAV:">
<D:lockscope><D:exclusive /></D:lockscope> <D:locktype><D:write /></
D:locktype> <D:owner>[#<n..mero do bug>][<nome do projeto]<coment..rio
livre></D:owner></D:lockinfo>
---------------------------------

The response began with a "HTTP/1.1 400 Bad Request". You can see that
the message inside the D:owner tag isn't properly escaped.

Using the same message in a 'svn commit' command on Windows works. The
problem seems to be specific to the lock command.

I've posted this bug in the TortoiseSVN mailing list first
(http://groups.google.com/group/tortoisesvn/browse_thread/thread/220ddcf2fb629426)

Gustavo.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-09-02 05:53:51 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.