Author: stefan2 Date: Sat Nov 25 17:05:19 2017 New Revision: 1816325 URL: http://svn.apache.org/viewvc?rev=1816325&view=rev Log: Minor refactoring in mod_dav_svn: Move the "fuzzy escaping" / sanitizing for author names to a separate function.
* subversion/mod_dav_svn/dav_svn.h (dav_svn__fuzzy_escape_author): Declare a new utility. * subversion/mod_dav_svn/util.c (dav_svn__fuzzy_escape_author): Implement using the logic from ... * subversion/mod_dav_svn/liveprops.c (insert_prop_internal): ... this function and update it. Modified: subversion/trunk/subversion/mod_dav_svn/dav_svn.h subversion/trunk/subversion/mod_dav_svn/liveprops.c subversion/trunk/subversion/mod_dav_svn/util.c Modified: subversion/trunk/subversion/mod_dav_svn/dav_svn.h URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/dav_svn.h?rev=1816325&r1=1816324&r2=1816325&view=diff ============================================================================== --- subversion/trunk/subversion/mod_dav_svn/dav_svn.h (original) +++ subversion/trunk/subversion/mod_dav_svn/dav_svn.h Sat Nov 25 17:05:19 2017 @@ -1114,6 +1114,19 @@ dav_svn__get_youngest_rev(svn_revnum_t * dav_svn_repos *repos, apr_pool_t *scratch_pool); +/* Return the liveprop-encoded form of AUTHOR, allocated in RESULT_POOL. + * If IS_SVN_CLIENT is set, assume that the data will be sent to a SVN + * client. This mainly sanitizes AUTHOR strings with control chars in + * them without converting them to escape sequences etc. + * + * Use SCRATCH_POOL for temporary allocations. + */ +const char * +dav_svn__fuzzy_escape_author(const char *author, + svn_boolean_t is_svn_client, + apr_pool_t *result_pool, + apr_pool_t *scratch_pool); + /*** mirror.c ***/ /* Perform the fixup hook for the R request. */ Modified: subversion/trunk/subversion/mod_dav_svn/liveprops.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/liveprops.c?rev=1816325&r1=1816324&r2=1816325&view=diff ============================================================================== --- subversion/trunk/subversion/mod_dav_svn/liveprops.c (original) +++ subversion/trunk/subversion/mod_dav_svn/liveprops.c Sat Nov 25 17:05:19 2017 @@ -423,43 +423,10 @@ insert_prop_internal(const dav_resource if (last_author == NULL) return DAV_PROP_INSERT_NOTDEF; - if (svn_xml_is_xml_safe(last_author->data, last_author->len) - || !resource->info->repos->is_svn_client) - value = apr_xml_quote_string(scratch_pool, last_author->data, 1); - else - { - /* We are talking to a Subversion client, which will (like any proper - xml parser) error out if we produce control characters in XML. - - However Subversion clients process both the generic - <creator-displayname /> as the custom element for svn:author. - - Let's skip outputting the invalid characters here to make the XML - valid, so clients can see the custom element. - - Subversion Clients will then either use a slightly invalid - author (unlikely) or more likely use the second result, which - will be transferred with full escaping capabilities. - - We have tests in place to assert proper behavior over the RA layer. - */ - apr_size_t i; - svn_stringbuf_t *buf; - - buf = svn_stringbuf_create_from_string(last_author, scratch_pool); - - for (i = 0; i < buf->len; i++) - { - char c = buf->data[i]; - - if (svn_ctype_iscntrl(c)) - { - svn_stringbuf_remove(buf, i--, 1); - } - } - - value = apr_xml_quote_string(scratch_pool, buf->data, 1); - } + /* We need to sanitize the LAST_AUTHOR. */ + value = dav_svn__fuzzy_escape_author(last_author->data, + resource->info->repos->is_svn_client, + scratch_pool, scratch_pool); break; } Modified: subversion/trunk/subversion/mod_dav_svn/util.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/util.c?rev=1816325&r1=1816324&r2=1816325&view=diff ============================================================================== --- subversion/trunk/subversion/mod_dav_svn/util.c (original) +++ subversion/trunk/subversion/mod_dav_svn/util.c Sat Nov 25 17:05:19 2017 @@ -37,6 +37,7 @@ #include "svn_fs.h" #include "svn_dav.h" #include "svn_base64.h" +#include "svn_ctype.h" #include "dav_svn.h" #include "private/svn_fspath.h" @@ -954,3 +955,48 @@ dav_svn__get_youngest_rev(svn_revnum_t * *youngest_p = repos->youngest_rev; return SVN_NO_ERROR; } + +const char * +dav_svn__fuzzy_escape_author(const char *author, + svn_boolean_t is_svn_client, + apr_pool_t *result_pool, + apr_pool_t *scratch_pool) +{ + apr_size_t len = strlen(author); + if (is_svn_client && !svn_xml_is_xml_safe(author, len)) + { + /* We are talking to a Subversion client, which will (like any proper + xml parser) error out if we produce control characters in XML. + + However Subversion clients process both the generic + <creator-displayname /> as the custom element for svn:author. + + Let's skip outputting the invalid characters here to make the XML + valid, so clients can see the custom element. + + Subversion Clients will then either use a slightly invalid + author (unlikely) or more likely use the second result, which + will be transferred with full escaping capabilities. + + We have tests in place to assert proper behavior over the RA layer. + */ + apr_size_t i; + svn_stringbuf_t *buf; + + buf = svn_stringbuf_ncreate(author, len, scratch_pool); + + for (i = 0; i < buf->len; i++) + { + char c = buf->data[i]; + + if (svn_ctype_iscntrl(c)) + { + svn_stringbuf_remove(buf, i--, 1); + } + } + + author = buf->data; + } + + return apr_xml_quote_string(result_pool, author, 1); +} \ No newline at end of file