RE: about priviledge control and authz file's bug

From: Bagnall, Martin <Martin.Bagnall_at_hmhpub.com>
Date: Wed, 4 Mar 2009 12:14:54 -0000

Thanks for the updated redirect statements.

My system uses the CollabNet binaries - Apache 2.2.8, Subversion 1.5.5
on Windows Server 2003. The problem also occurs on my test system
(Windows XP).

I don't understand why the problem occurs either, I would expect to see
the message that you get. I couldn't find any fix for it, hence the
workaround using the redirects.

The problem only affects the portion of the URL that has the name of the
repository.

-----Original Message-----
From: Ryan Schmidt [mailto:subversion-2009a_at_ryandesign.com]
Sent: 03 March 2009 03:51
To: Bagnall, Martin
Cc: Buddy wu; users_at_subversion.tigris.org
Subject: Re: about priviledge control and authz file's bug

On Mar 2, 2009, at 09:58, Bagnall, Martin wrote:

> Ryan Schmidt wrote:
>
>> On Feb 27, 2009, at 09:10, Bagnall, Martin wrote:
>>
>>> Thanks - I found later that what I'd originally written also
>>> matched a
>>> directory structure rather than just the directory immediately
>>> under svn
>>> (or viewvc). This is the regular expression I ended up going with:
>>>
>>> RedirectMatch 301 /svn/([^/]*)\./ /svn/$1/
>>> RedirectMatch 301 /viewvc/([^/]*)\./ /viewvc/$1/
>>
>> You probably want to anchor these matches to the beginning and end of
>> the string.
>>
>> RedirectMatch 301 ^/svn/([^/]*)\./$ /svn/$1/
>> RedirectMatch 301 ^/viewvc/([^/]*)\./$ /viewvc/$1/
>
> Unfortunately the $ used to anchor the end of the string means that a
> variation of the original issue remains, i.e. a user can access the
> likes of:
> http://server/svn/TestRepos./trunk

Ok, then maybe anchor the string at the beginning, and test for end
of string or slash at the end:

RedirectMatch 301 ^/svn/([^/]*)\.(/|$) /svn/$1/
RedirectMatch 301 ^/viewvc/([^/]*)\.(/|$) /viewvc/$1/
>

Or you could combine them:

RedirectMatch 301 ^/((svn|viewvc)/[^/]*)\.(/|$) /$1/
>

I still don't see why you're still able to access the resource when
you add a dot to the end of it. I don't see why that would be
possible. It doesn't work on my system. If I try "http://svn.myserver/
repositoryname./" I get "Could not open the requested SVN
filesystem." My system is Apache 2.2.11, Subversion 1.5.5, Mac OS X
10.4.11 Intel. Though I'm not using authz.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1266521

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-04 14:29:12 CET

This message: [ Message body ]
Next message: Parashkev Penev: "Re: moving project to a new repository"
Previous message: Greg Troxel: "Re: Problem with merge with 1.5.3"
Maybe in reply to: Bagnall, Martin: "RE: about priviledge control and authz file's bug"
Next in thread: Buddy wu: "Re: about priviledge control and authz file's bug"
Reply: Buddy wu: "Re: about priviledge control and authz file's bug"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]