Posted to dev@subversion.apache.org by "Peter N. Lundblad" <pe...@famlundblad.se> on 2005/02/04 07:31:15 UTC

Re: svn commit: r12904 - trunk/subversion/mod_dav_svn

On Wed, 2 Feb 2005 cmpilato@tigris.org wrote:

> Author: cmpilato
> Date: Wed Feb  2 10:50:34 2005
> New Revision: 12904
>
> Log:
> A piece of issue #2199.  Check paths entering Subversion via
> mod_dav_svn custom REPORT requests for canonicalization, erroring if
> they don't pass muster.  (This was attempted once in r12738, reverted
> in r12903.  This time I'm shrinking the scope to just mod_dav_svn.)
>
> * subversion/mod_dav_svn/dav_svn.h
> * subversion/mod_dav_svn/util.c
>   (dav_svn__test_canonical): New.
>
...
> Modified: trunk/subversion/mod_dav_svn/util.c
> Url: http://svn.collab.net/viewcvs/svn/trunk/subversion/mod_dav_svn/util.c?view=diff&rev=12904&p1=trunk/subversion/mod_dav_svn/util.c&r1=12903&p2=trunk/subversion/mod_dav_svn/util.c&r2=12904
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/util.c	(original)
> +++ trunk/subversion/mod_dav_svn/util.c	Wed Feb  2 10:50:34 2005
> @@ -358,3 +358,25 @@
>      return svn_error_create(SVN_ERR_APMOD_CONNECTION_ABORTED, 0, NULL);
>    return SVN_NO_ERROR;
>  }
> +
> +
> +/* ### Much of this is duplicated from libsvn_subr/path.c */
> +#define PATH_IS_PLATFORM_EMPTY(s,n) ((n) == 1 && (s)[0] == '.')
> +dav_error * dav_svn__test_canonical(const char *path, apr_pool_t *pool)
> +{
> +  apr_size_t len = strlen(path);
> +
> +  /* Is it canonical enough to not die in the path library?  Return
> +     error-free. */
> +  if (! PATH_IS_PLATFORM_EMPTY(path, len)
> +      && (len <= 1 || path[len-1] != '/'))
> +    return NULL;
> +
> +  /* Otherwise, generate a generic HTTP_BAD_REQUEST error. */
> +  return dav_new_error_tag
> +    (pool, HTTP_BAD_REQUEST, 0,
> +     apr_psprintf(pool,
> +                  "Path '%s' is not canonicalized; "
> +                  "there is a problem with the client.", path),
> +     SVN_DAV_ERROR_NAMESPACE, SVN_DAV_ERROR_TAG);
> +}
>
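Review bot: The condition in dav_svn__test_canonical rejects only two forms, the lone "." and a trailing '/' on a path longer than one character, so every other input returns NULL and is treated as acceptable, including a path with a doubled '/' in the middle. The function name promises a canonical-form test while the inline comment says "canonical enough to not die in the path library", and nothing states which forms the path library actually needs rejected. Please add a doc comment above the function listing exactly what is rejected and why that set is sufficient for the REPORT handlers that call it. The "### Much of this is duplicated" note also means PATH_IS_PLATFORM_EMPTY can drift from the copy in libsvn_subr/path.c, so a check built on the library's own routine would be easier to keep correct. Separately, strlen(path) is called with no NULL guard, so the contract that callers never pass NULL should be stated or enforced.
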
Would it be more maintainable to just run svn_path_canonicalize *and
compare* the result with the argument? That wouldn't cost much and you
already have a pool anyway.

Regards,
//Peter
