You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Roland Ruedenauer <Ro...@yellow-computing.de> on 2004/09/22 09:58:53 UTC
Missing XML escape in libsvn_ra_dav/fetch.c function "make_reporter"
The value of parameter "target" in function "make_reporter" (file
libsvn_ra_dav/fetch.c) needs to be xml escaped, when constructing
the DAV request.
Currently, if the filename in parameter "target" contains an
ampersand character, an invalid xml document will be sent to the
server.
>>>
/* Pre-0.36 servers don't like to see an empty target string. */
if (*target)
{
s = apr_psprintf(pool,
"<S:update-target>%s</S:update-target>",
target);
SVN_ERR( svn_io_file_write_full(rb->tmpfile, s, strlen(s), NULL,
pool) );
}
<<<
--
Roland RĂ¼denauer
____________
Virus checked by inet.yellow-computing.de
Version: AVK 15.0.149, 22.09.2004
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org