You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@subversion.apache.org by "Branko Čibej (JIRA)" <ji...@apache.org> on 2018/12/03 04:30:00 UTC

[jira] [Created] (SVN-4795) Support character classes in glob authz rules

Branko Čibej created SVN-4795:
---------------------------------

             Summary: Support character classes in glob authz rules
                 Key: SVN-4795
                 URL: https://issues.apache.org/jira/browse/SVN-4795
             Project: Subversion
          Issue Type: Improvement
          Components: libsvn_repos, svnauthz
    Affects Versions: all
            Reporter: Branko Čibej


*Proposal*
Change the way section names are parsed in authz files, such that anything between the initial {{\[}} and the last {{\]}} are treated as the section name/rule pattern. This will restrict the use of inline comments on rules, but will allow fuller use of glob patterns.

*Discussion*
Wildcard rules in Subversion's authz file use {{apr_fnmatch()}} to match patterns to path segments. APR's matcher supports character classes ({{[A-Z]}} etc.), however, there is no way to use them in the authz file. For example, given this rule:
{noformat}
[:glob:/**/*.[Dd]oc]
* = rw
{noformat}
the pattern will actually be parsed as "{{/**/*.[Dd}}", which is definitely not what the user intended and matches, for example, "{{x.[Dd}}" instead of the expected "{{x.doc}}".

This limitation was present in the authz rules since their inception and is a side effect of how Subversion's config parser parses section names. See: {{parse_section_name()}} in {{libsvn_subr/config_file.c}}.




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)