Posted to dev@subversion.apache.org by "C. Michael Pilato" <cm...@collab.net> on 2009/06/19 18:45:09 UTC

Re: Lock message not xml escaped

Daniel Shahaf wrote:
> kmradke@rockwellcollins.com wrote on Thu, 2 Apr 2009 at 17:18 -0500:
>> After posting on users, I have now verified that lock messages
>> are not correctly xml escaped over neon in both svn 1.5 and 1.6.
>>
>>
>> svn lock http://server/repo/path/to/file.txt -m"Lock & load" 
>>
>> fails with error: 
>>
>> svn: Server sent unexpected return value (400 Bad Request) in response to 
>> LOCK request for '/repo/path/to/file.txt' 
>>
>> Looking at the xml sent from the client to the server it is obviously not 
>> escaped:
>>
>> <?xml version="1.0" encoding="utf-8" ?><D:lockinfo xmlns:D="DAV:"> 
>> <D:lockscope><D:exclusive /></D:lockscope> <D:locktype><D:write 
>> /></D:locktype> <D:owner>Lock & load</D:owner></D:lockinfo>
>>
>> "&" should be replaced with "&amp;"
>>
>> Line 411 of libsvn_client/locking_commands.c is checking to make
>> sure the comment doesn't contain non-xml escapable characters, but
>> isn't escaping the string.
> 
> FWIW, same in svn_ra_lock() in ra_loader.c.
> 
>> I'm not sure if it should (since not all ra layers will probably need
>> the comment xml escaped.)
>>
>> Is the proper place to xml escape this around line 274
>> of libsvn_ra_neon/lock.c?  (And possibly somewhere in the other
>> ra layers?)
>>
> 
> Agreed.  +1 to fixing it in libsvn_ra_neon/lock.c (in
> svn_ra_neon__lock() or one of its helpers).
> 
>> (This seems like a trivial fix, so I'm not offended if someone
>>  else beats me to a patch...)
>>
> 
> Agreed...

Fixed this (with an accompanying regression test) in r38101 and r38102.

-- 
C. Michael Pilato <cm...@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2363625