You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Gustavo Leite de Mendonça Chaves <gu...@gnustavo.com> on 2008/09/01 11:22:49 UTC

BUG?: lock message isn't correctly escaped

I'm using "SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2" and
"CollabNetSubversion-client-1.5.1-5.win32.exe" on a Windows XP machine.

When I try to get a lock passing a message containing the characters
"<" and ">" I get a "BAD REQUEST (error 400)" message back.
The problem occurs with TortoiseSVN and with the command line command.

I can obtain the same lock using the command "svn lock -m'<asdf>'
file" on the Linux command line.

Sniffing the HTTP transaction I saw that the '<' and '>' characters
were changed by the 'svn lock' command on Linux to their HTML
equivalents of "&lt;" and "&gt;". But the Windows commands
didn't escape the message and then the XML containing it ended
being malformed.

The actual HTTP message that I got from the sniffer is this:

------------------------------------------------------------
LOCK /path/tp/file HTTP/1.1
Host: svn
User-Agent: SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2
Connection: TE
TE: trailers
Depth: 0
Timeout: Infinite
Content-Type: text/xml; charset="utf-8"
X-SVN-Version-Name: 1057
Content-Length: 235
Authorization: Basic somerandomstring==

<?xml version="1.0" encoding="utf-8" ?><D:lockinfo xmlns:D="DAV:">
<D:lockscope><D:exclusive /></D:lockscope> <D:locktype><D:write /></
D:locktype> <D:owner>[#<n..mero do bug>][<nome do projeto]<coment..rio
livre></D:owner></D:lockinfo>
---------------------------------

The response began with a "HTTP/1.1 400 Bad Request". You can see that
the message inside the D:owner tag isn't properly escaped.

Using the same message in a 'svn commit' command on Windows works. The
problem seems to be specific to the lock command.

I've posted this bug in the TortoiseSVN mailing list first
(http://groups.google.com/group/tortoisesvn/browse_thread/thread/220ddcf2fb629426)

Gustavo.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org