[email protected] wrote: > Author: kameshj > Date: Mon Apr 12 11:26:28 2010 > New Revision: 933194 > > URL: http://svn.apache.org/viewvc?rev=933194&view=rev > Log: > [issue2753] Fix issue 2753. > > Relax requests aimed at the repo Parent path from authz control. > > * subversion/mod_authz_svn/mod_authz_svn.c > (create_authz_svn_dir_config): Canonicalize conf->base_path. > (req_check_access): When canonicalized 'uri' and 'conf->base_path' are same > allow the request. > (access_checker, check_user_id, auth_checker): > Initialize repos_path to 'NULL' otherwise it can point > to stray values when req_check_access relaxes certain requests without > initialising the out parameters.
In a perfect world, I would expect that requests to the parent directory would not be authz-denied, but that each repository in the listing of repositories would be authz-checked against the authz configuration. In other words, say I have a parent-path with three repositories: calc, watch, lamp. And say I have an authz file like so: [lamp:/] * = I would expect that a request to the parent directory would yield a listing that included the 'calc' and 'watch' repositories, but not the 'lamp' one. Is that the case? -- C. Michael Pilato <[email protected]> CollabNet <> www.collab.net <> Distributed Development On Demand
signature.asc
Description: OpenPGP digital signature
