[ 
https://issues.apache.org/jira/browse/SVN-4795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Branko Čibej updated SVN-4795:
------------------------------
    Description: 
*Proposal*
Change the way section names are parsed in authz files, such that anything 
between the initial {{\[}} and the last {{\]}} is treated as the section 
name/rule pattern. This will restrict the use of inline comments on rules, but 
will allow fuller use of glob patterns.

*Discussion*
Wildcard rules in Subversion's authz file use {{apr_fnmatch()}} to match 
patterns to path segments. APR's matcher supports character classes ({{[A-Z]}} 
etc.); however, there is no way to use them in the authz file. For example, 
given this rule:
{noformat}
[:glob:/**/*.[Dd]oc]
* = rw
{noformat}
the pattern will be parsed as "{{/\*\*/\*.[Dd}}", which is probably not what 
the user intended and matches, for example, "{{/path/x.[Dd}}" instead of the 
expected "{{/path/x.doc}}".

This limitation was present in the authz rules since their inception and is a 
side effect of how Subversion's config parser parses section names. See: 
{{parse_section_name()}} in {{libsvn_subr/config_file.c}}.


  was:
*Proposal*
Change the way section names are parsed in authz files, such that anything 
between the initial {{\[}} and the last {{\]}} is treated as the section 
name/rule pattern. This will restrict the use of inline comments on rules, but 
will allow fuller use of glob patterns.

*Discussion*
Wildcard rules in Subversion's authz file use {{apr_fnmatch()}} to match 
patterns to path segments. APR's matcher supports character classes ({{[A-Z]}} 
etc.); however, there is no way to use them in the authz file. For example, 
given this rule:
{noformat}
[:glob:/**/*.[Dd]oc]
* = rw
{noformat}
the pattern will actually be parsed as "{{/**/*.[Dd}}", which is definitely not 
what the user intended and matches, for example, "{{x.[Dd}}" instead of the 
expected "{{x.doc}}".

This limitation was present in the authz rules since their inception and is a 
side effect of how Subversion's config parser parses section names. See: 
{{parse_section_name()}} in {{libsvn_subr/config_file.c}}.



> Support character classes in glob authz rules
> ---------------------------------------------
>
>                 Key: SVN-4795
>                 URL: https://issues.apache.org/jira/browse/SVN-4795
>             Project: Subversion
>          Issue Type: Improvement
>          Components: libsvn_repos, svnauthz
>    Affects Versions: all
>            Reporter: Branko Čibej
>            Priority: Major
>
> *Proposal*
> Change the way section names are parsed in authz files, such that anything 
> between the initial {{\[}} and the last {{\]}} is treated as the section 
> name/rule pattern. This will restrict the use of inline comments on rules, 
> but will allow fuller use of glob patterns.
> *Discussion*
> Wildcard rules in Subversion's authz file use {{apr_fnmatch()}} to match 
> patterns to path segments. APR's matcher supports character classes 
> ({{[A-Z]}} etc.); however, there is no way to use them in the authz file. For 
> example, given this rule:
> {noformat}
> [:glob:/**/*.[Dd]oc]
> * = rw
> {noformat}
> the pattern will be parsed as "{{/\*\*/\*.[Dd}}", which is probably not what 
> the user intended and matches, for example, "{{/path/x.[Dd}}" instead of the 
> expected "{{/path/x.doc}}".
> This limitation was present in the authz rules since their inception and is a 
> side effect of how Subversion's config parser parses section names. See: 
> {{parse_section_name()}} in {{libsvn_subr/config_file.c}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
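
The parsing difference described in the issue, as an added C example that is not Subversion's code and not part of the original message. It compares ending the section name at the first {{]}} with ending it at the last {{]}}, then matches the final path segment against file names. Assumptions: section_name() and last_segment_matches() are hypothetical helpers, and POSIX fnmatch() stands in for apr_fnmatch().

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Copy the section name out of a "[...]" header line into out.
 * use_last == 0: name ends at the first ']' (behaviour described in the issue).
 * use_last == 1: name ends at the last ']' (the proposal).
 * Returns 0 on success, -1 for a non-header line or a too-small buffer. */
int section_name(const char *line, int use_last, char *out, size_t outlen)
{
    const char *end;
    size_t n;

    if (line[0] != '[')
        return -1;
    end = use_last ? strrchr(line + 1, ']') : strchr(line + 1, ']');
    if (end == NULL)
        return -1;
    n = (size_t)(end - (line + 1));
    if (n >= outlen)
        return -1;
    memcpy(out, line + 1, n);
    out[n] = '\0';
    return 0;
}

/* Match only the final path segment of the rule against a file name.
 * Assumption: POSIX fnmatch() stands in for apr_fnmatch(); Subversion's
 * ":glob:" prefix and "**" handling are not modelled here. */
int last_segment_matches(const char *rule, const char *filename)
{
    const char *seg = strrchr(rule, '/');
    return fnmatch(seg ? seg + 1 : rule, filename, 0) == 0;
}

int main(void)
{
    const char *line = "[:glob:/**/*.[Dd]oc]";  /* rule from the issue */
    const char *names[] = { "x.doc", "x.Doc", "x.[Dd" };
    char rule[64];
    for (int mode = 0; mode <= 1; mode++) {
        if (section_name(line, mode, rule, sizeof rule) != 0)
            return 1;
        printf("%s ']' ends the name: %s\n", mode ? "last" : "first", rule);
        for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
            printf("  %-6s %s\n", names[i],
                   last_segment_matches(rule, names[i]) ? "match" : "no match");
    }
    return 0;
}
```

With the first-{{]}} rule, the access rule is accepted but never applies to the .doc files it was written for, so an authz file that relies on it should be checked against real paths rather than read by eye.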
