BUG?: lock message isn't correctly escaped
Gnustavo
When I try to get a lock passing a message containing the characters
"<" and ">" I get a "BAD REQUEST (error 400)" message back.
I can obtain the same lock using the command "svn lock -m'<asdf>'
file" on the Linux command line.
Sniffing the HTTP transaction I saw that the '<' and '>' characters
were changed by the 'svn lock' command to their HTML equivalents of
"<" and ">". But the TortoiseSVN command didn't escape the
message and then the XML containing it ended being malformed.
The actual HTTP message that I got from the sniffer is this:
------------------------------------------------------------
LOCK /path/tp/file HTTP/1.1
Host: svn
User-Agent: SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2
Connection: TE
TE: trailers
Depth: 0
Timeout: Infinite
Content-Type: text/xml; charset="utf-8"
X-SVN-Version-Name: 1057
Content-Length: 235
Authorization: Basic somerandomstring==
<?xml version="1.0" encoding="utf-8" ?><D:lockinfo xmlns:D="DAV:">
<D:lockscope><D:exclusive /></D:lockscope> <D:locktype><D:write /></
D:locktype> <D:owner>[#<n..mero do bug>][<nome do projeto]<coment..rio
livre></D:owner></D:lockinfo>
---------------------------------
The response began with a "HTTP/1.1 400 Bad Request". You can see that
the message inside the D:owner tag isn't properly escaped.
Isn't this a bug?
Gustavo.
BTW, I haven't tested with messages for other commands (commit, etc.)
so that I can't tell for sure that the same problem occurs there too.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-un...@tortoisesvn.tigris.org
For additional commands, e-mail: users...@tortoisesvn.tigris.org
Stefan Küng
> I'm using "SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2".
>
> When I try to get a lock passing a message containing the characters
> "<" and ">" I get a "BAD REQUEST (error 400)" message back.
>
> I can obtain the same lock using the command "svn lock -m'<asdf>'
> file" on the Linux command line.
Could you please try the Windows command line client on the same machine
you're using TSVN?
It's jut because TSVN (and any svn client for that matter) doesn't have
to translate messages - the svn library has to do that (because the
clients don't know which remote access is being used, and not all
require such translations).
If it fails the same way with the Windows command line client, could you
then please report this on the Subversion mailing list?
Stefan
--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest Interface to (Sub)Version Control
/_/ \_\ http://tortoisesvn.net
Gnustavo
> Gnustavo wrote:
> > I'm using "SVN/1.5.1 (r32289)/TortoiseSVN-1.5.2.13595 neon/0.28.2".
>
> > When I try to get a lock passing a message containing the characters
> > "<" and ">" I get a "BAD REQUEST (error 400)" message back.
>
> > I can obtain the same lock using the command "svn lock -m'<asdf>'
> > file" on the Linux command line.
>
> Could you please try the Windows command line client on the same machine
> you're using TSVN?
>
> It's jut because TSVN (and any svn client for that matter) doesn't have
> to translate messages - the svn library has to do that (because the
> clients don't know which remote access is being used, and not all
> require such translations).
I installed CollabNetSubversion-client-1.5.1-5.win32.exe and got the
same problem:
C:\Documents and Settings\gustavo\especificacoes>svn lock -m "<asdf>"
*Alarme.sxc
svn: Server sent unexpected return value (400 Bad Request) in response
to LOCK request for '/DSSO/desig_auto_eletropaulo/produto/trunk/testes/
especificacoes/Desig_Auto_Eletropaulo-RT-CFG_Ativar_Alarme.sxc'
I'm going to file a bug report to the Subversion project as you
instruct me.
Thanks.
Gustavo.