Posted to commits@subversion.apache.org by hw...@apache.org on 2011/08/18 21:22:47 UTC

svn commit: r1159365 - in /subversion/branches/1.7.x: ./ STATUS subversion/libsvn_subr/validate.c

Author: hwright
Date: Thu Aug 18 19:22:46 2011
New Revision: 1159365

URL: http://svn.apache.org/viewvc?rev=1159365&view=rev
Log:
Merge r1159230 from trunk:

 * r1159230
   Fix issue #2872: Don't let committers set arbitrary HTTP headers on files.
   Votes:
     +1: danielsh, arfrever, rhuijben

Modified:
    subversion/branches/1.7.x/   (props changed)
    subversion/branches/1.7.x/STATUS
    subversion/branches/1.7.x/subversion/libsvn_subr/validate.c

Propchange: subversion/branches/1.7.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Aug 18 19:22:46 2011
@@ -59,4 +59,4 @@
 /subversion/branches/tree-conflicts:868291-873154
 /subversion/branches/tree-conflicts-notify:873926-874008
 /subversion/branches/uris-as-urls:1060426-1064427
-/subversion/trunk:1146013,1146121,1146219,1146222,1146274,1146492,1146555,1146606,1146620,1146684,1146781,1146832,1146834,1146870,1146899,1146904,1147293,1147309,1147882,1148071,1148083,1148094,1148131,1148374,1148424,1148566,1148588,1148853,1148877,1148882,1148936,1149105,1149141,1149160,1149228,1149240,1149343,1149371-1149372,1149377,1149398,1149401,1149539,1149572,1149627,1149675,1149701,1149713,1150242,1150254,1150260-1150261,1150266,1150302,1150327,1150368,1150372,1150441,1150506,1150812,1150853,1151036,1151177,1151610,1151906,1151911,1152129,1152140,1152189-1152190,1152282,1152726,1153138,1153141,1153416,1153799,1153807,1153968,1154009,1154023,1154115,1154119,1154121,1154144,1154155,1154159,1154165,1154215,1154225,1154273,1154461,1154717-1154718,1154733,1154908,1154982,1155015,1155044,1155124,1155131,1155160,1155313,1155334,1155391,1155404,1156085,1156098,1156216,1156218,1156312,1156527,1156717,1156721,1156750,1156827,1156838,1157416,1158193-1158194,1158196,1158201,115
 8207,1158209-1158210,1158217,1158285,1158288,1158303,1158407,1158419,1158421,1158436,1158455,1158634,1158854,1158893,1159093,1159098,1159101
+/subversion/trunk:1146013,1146121,1146219,1146222,1146274,1146492,1146555,1146606,1146620,1146684,1146781,1146832,1146834,1146870,1146899,1146904,1147293,1147309,1147882,1148071,1148083,1148094,1148131,1148374,1148424,1148566,1148588,1148853,1148877,1148882,1148936,1149105,1149141,1149160,1149228,1149240,1149343,1149371-1149372,1149377,1149398,1149401,1149539,1149572,1149627,1149675,1149701,1149713,1150242,1150254,1150260-1150261,1150266,1150302,1150327,1150368,1150372,1150441,1150506,1150812,1150853,1151036,1151177,1151610,1151906,1151911,1152129,1152140,1152189-1152190,1152282,1152726,1153138,1153141,1153416,1153799,1153807,1153968,1154009,1154023,1154115,1154119,1154121,1154144,1154155,1154159,1154165,1154215,1154225,1154273,1154461,1154717-1154718,1154733,1154908,1154982,1155015,1155044,1155124,1155131,1155160,1155313,1155334,1155391,1155404,1156085,1156098,1156216,1156218,1156312,1156527,1156717,1156721,1156750,1156827,1156838,1157416,1158193-1158194,1158196,1158201,115
 8207,1158209-1158210,1158217,1158285,1158288,1158303,1158407,1158419,1158421,1158436,1158455,1158634,1158854,1158893,1159093,1159098,1159101,1159230

Modified: subversion/branches/1.7.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1159365&r1=1159364&r2=1159365&view=diff
==============================================================================
--- subversion/branches/1.7.x/STATUS (original)
+++ subversion/branches/1.7.x/STATUS Thu Aug 18 19:22:46 2011
@@ -127,8 +127,3 @@ Approved changes:
      stability.
    Votes:
      +1: rhuijben, cmpilato, arfrever
-
- * r1159230
-   Fix issue #2872: Don't let committers set arbitrary HTTP headers on files.
-   Votes:
-     +1: danielsh, arfrever, rhuijben

Modified: subversion/branches/1.7.x/subversion/libsvn_subr/validate.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_subr/validate.c?rev=1159365&r1=1159364&r2=1159365&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_subr/validate.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_subr/validate.c Thu Aug 18 19:22:46 2011
@@ -45,6 +45,7 @@ svn_mime_type_validate(const char *mime_
      specification, e.g., "text/html; charset=UTF-8", make sure we're
      only looking at the media type here. */
   const apr_size_t len = strcspn(mime_type, "; ");
+  const apr_size_t len2 = strlen(mime_type);
   const char *const slash_pos = strchr(mime_type, '/');
   apr_size_t i;
   const char *tspecials = "()<>@,;:\\\"/[]?=";
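Review bot: The name `len2` on the added line does not say how it differs from `len`. `len` stops at the first `;` or space, so it bounds only the media type, while the new variable is the length of the whole property value. A name such as `total_len`, or a trailing comment like `/* length of the full value, parameters included */`, would make the two bounds harder to mix up in the loops that use them. svn_mime_type_validate starts before this hunk and continues after it.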
@@ -69,7 +70,19 @@ svn_mime_type_validate(const char *mime_
             || (strchr(tspecials, mime_type[i]) != NULL)))
         return svn_error_createf
           (SVN_ERR_BAD_MIME_TYPE, NULL,
-           _("MIME type '%s' contains invalid character '%c'"),
+           _("MIME type '%s' contains invalid character '%c' "
+             "in media type"),
+           mime_type, mime_type[i]);
+    }
+
+  /* Check the whole string for unsafe characters. (issue #2872) */
+  for (i = 0; i < len2; i++)
+    {
+      if (svn_ctype_iscntrl(mime_type[i]) && mime_type[i] != '\t')
+        return svn_error_createf(
+           SVN_ERR_BAD_MIME_TYPE, NULL,
+           _("MIME type '%s' contains invalid character '0x%02x' "
+             "in postfix"),
            mime_type, mime_type[i]);
     }
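Review bot: The new rejection path still formats the rejected value with `'%s'`, so the control character that made it invalid is copied verbatim into the error text, even though the offending byte itself is rendered as hex. Where that message is later printed or logged is not visible in this hunk, but leaving the raw value out of this one message would avoid passing the byte on, e.g. `_("MIME type contains invalid character '0x%02x' in postfix"), (unsigned char)mime_type[i]);`. The loop comment could also state the rule it enforces, e.g. `/* Reject control characters (CR, LF, ...) anywhere in the value; tab is allowed. (issue #2872) */`. The enclosing function begins outside the hunk.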