Gary Hennigan writes: > > Personally, I've fixed my local copy by doing away with the "if" block > starting at server.c:2657 and ending at server.c:2666, as it seems > redundant since the client has already verified that the command is > a legal command.
That means that you're trusting the client, which isn't a very good idea from a security perspective. The right fix is to change the command name passed into do_cvs_command to "watch" in all four cases. I've checked in a fix. -Larry Jones What's the matter? Don't you trust your own kid?! -- Calvin _______________________________________________ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs
