[ http://jira.codehaus.org/browse/CONTINUUM-2577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated CONTINUUM-2577:
------------------------------------
Fix Version/s: 1.4.1 (Beta)
> Subversion login and password are not properly escaped in svn shell
> invocation from release prepare
> ---------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-2577
> URL: http://jira.codehaus.org/browse/CONTINUUM-2577
> Project: Continuum
> Issue Type: Bug
> Environment: Linux
> Reporter: Olivier Dehon
> Fix For: 1.4.1 (Beta)
>
>
> When preparing a release, if the user mistypes their
> Subversion password and adds a backslash at the end, then the release
> prepare phase gets stuck in the "update-working-copy" (the first) step.
> This is because the svn command issued by Continuum is:
>
> svn --username xxxxx --password abcdef\ --non-interactive ...
> which means that the space between the password and the space before the
> --non-interactive option is escaped, which in turn means that this
> option is not seen at all, and since the password is incorrect, it goes
> ahead and tries to prompt the user for their correct password in the
> command line, so the process hangs (found that by running a:
> ps -edf | grep svn
> on the server).
> The username and password should be shell-escaped to avoid this. (Imagine
> the disaster if the user enters a password ";my-malicious-command".)
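Added example, not part of the original report or of Continuum's code: a POSIX shell sketch of the parsing behaviour the report describes, next to a shell-escaped form. `show_args` is a constructed stand-in for svn, and `sh_quote`, `run_concatenated` and `run_quoted` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed stand-in for svn: prints each argument it receives on its own
# line, in brackets, so the shell's word splitting becomes visible.
show_args() {
    for a in "$@"; do
        printf '[%s]\n' "$a"
    done
}

# Hypothetical helper: quote one value for a POSIX shell by wrapping it in
# single quotes and rewriting every embedded ' as '\''.
# Limitation: trailing newlines in the value are dropped by $(...).
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Behaviour from the report: the credentials are pasted into the command
# string as-is and the shell then parses the whole string.
run_concatenated() {
    eval "show_args --username $1 --password $2 --non-interactive"
}

# Shell-escaped form: each value is quoted before the shell parses the
# string, so it always arrives as exactly one argument.
run_quoted() {
    eval "show_args --username $(sh_quote "$1") --password $(sh_quote "$2") --non-interactive"
}

# Constructed sample credentials, taken from the two cases in the report.
echo "concatenated, password ends in a backslash:"
run_concatenated xxxxx 'abcdef\'
echo "quoted, same password:"
run_quoted xxxxx 'abcdef\'
echo "quoted, password starting with a semicolon:"
run_quoted xxxxx ';my-malicious-command'
```

In the concatenated run the option is absorbed into the password argument, which matches the hang described in the report; in the quoted runs the password and `--non-interactive` arrive as separate arguments. Where the caller can start the process with an argument list and no shell in between, no quoting step is needed at all.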