[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: about priviledge control and authz file's bug

From: Bagnall, Martin <Martin.Bagnall_at_hmhpub.com>
Date: Wed, 4 Mar 2009 12:14:54 -0000

Thanks for the updated redirect statements.

My system uses the CollabNet binaries - Apache 2.2.8, Subversion 1.5.5
on Windows Server 2003. The problem also occurs on my test system
(Windows XP).

I don't understand why the problem occurs either, I would expect to see
the message that you get. I couldn't find any fix for it, hence the
workaround using the redirects.

The problem only affects the portion of the URL that has the name of the

-----Original Message-----
From: Ryan Schmidt [mailto:subversion-2009a_at_ryandesign.com]
Sent: 03 March 2009 03:51
To: Bagnall, Martin
Cc: Buddy wu; users_at_subversion.tigris.org
Subject: Re: about priviledge control and authz file's bug

On Mar 2, 2009, at 09:58, Bagnall, Martin wrote:

> Ryan Schmidt wrote:
>> On Feb 27, 2009, at 09:10, Bagnall, Martin wrote:
>>> Thanks - I found later that what I'd originally written also
>>> matched a
>>> directory structure rather than just the directory immediately
>>> under svn
>>> (or viewvc). This is the regular expression I ended up going with:
>>> RedirectMatch 301 /svn/([^/]*)\./ /svn/$1/
>>> RedirectMatch 301 /viewvc/([^/]*)\./ /viewvc/$1/
>> You probably want to anchor these matches to the beginning and end of
>> the string.
>> RedirectMatch 301 ^/svn/([^/]*)\./$ /svn/$1/
>> RedirectMatch 301 ^/viewvc/([^/]*)\./$ /viewvc/$1/
> Unfortunately the $ used to anchor the end of the string means that a
> variation of the original issue remains, i.e. a user can access the
> likes of:
> http://server/svn/TestRepos./trunk

Ok, then maybe anchor the string at the beginning, and test for end
of string or slash at the end:

RedirectMatch 301 ^/svn/([^/]*)\.(/|$) /svn/$1/
RedirectMatch 301 ^/viewvc/([^/]*)\.(/|$) /viewvc/$1/

Or you could combine them:

RedirectMatch 301 ^/((svn|viewvc)/[^/]*)\.(/|$) /$1/

I still don't see why you're still able to access the resource when
you add a dot to the end of it. I don't see why that would be
possible. It doesn't work on my system. If I try "http://svn.myserver/
repositoryname./" I get "Could not open the requested SVN
filesystem." My system is Apache 2.2.11, Subversion 1.5.5, Mac OS X
10.4.11 Intel. Though I'm not using authz.


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-04 14:29:12 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.