[EMAIL PROTECTED] (Larry Jones) writes: > Gary Hennigan writes: > > > > Personally, I've fixed my local copy by doing away with the "if" block > > starting at server.c:2657 and ending at server.c:2666, as it seems > > redundant since the client has already verified that the command is > > a legal command. > > That means that you're trusting the client, which isn't a very good idea > from a security perspective. The right fix is to change the command > name passed into do_cvs_command to "watch" in all four cases. I've > checked in a fix.
Thanks for the right fix Larry, and for the quick response. Gary _______________________________________________ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs