apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Collins-Sussman <suss...@collab.net>
Subject Re: opposite of apr_xml_quote_string() ?
Date Wed, 09 Mar 2005 16:56:46 GMT

On Mar 9, 2005, at 2:54 AM, Joe Orton wrote:
>
> mod_dav never chooses nor refuses to "XML unescape" anything: the XML
> parser *always* does it unconditionally, so I still don't understand
> what's going on.  If the fields passed down to mod_dav_svn are
> XML-escaped, either mod_dav has *chosen* to re-XML-escape it (I can't
> see where that would be happening), or it was double-escaped to begin
> with.
>
> Can you check protocol traces?
>

Here's all my evidence.  Maybe you can explain what's going on?


Status Quo:

1. libsvn_ra_dav calls ne_lock() to create a lock.  It first
    initializes a ne_lock structure, which includes:

       nlock = ne_lock_create();
       nlock->owner = ne_strdup(comment);

2. from the commandline, I run:

       $ svn lock Foo.java -m "this <is> a comment."
       subversion/libsvn_ra_dav/util.c:292: (apr_err=175002)
       svn: Lock request failed: 400 Bad Request (http://localhost)

    Ethereal shows me:

LOCK /svn/testrepos/Foo.java HTTP/1.1
Host: localhost
User-Agent: SVN/1.2.0 (dev build) neon/0.24.7
Connection: TE
TE: trailers
Content-Length: 182
Content-Type: application/xml
Depth: 0
Authorization: Basic c3Vzc21hbjpibG9ydA==
X-SVN-Options: svn-client-lock
X-SVN-Version-Name: 31

<?xml version="1.0" encoding="utf-8"?>
<lockinfo xmlns='DAV:'>
  <lockscope><exclusive/></lockscope>
<locktype><write/></locktype><owner>this <is> a comment.</owner>
</lockinfo>

HTTP/1.1 400 Bad Request
Date: Wed, 09 Mar 2005 15:57:15 GMT
Server: Apache/2.0.51 (Unix) SVN/1.2.0-dev DAV/2
Content-Length: 321
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not 
understand.<br />
[...]


       So for starters, the ne_lock() call isn't xml-escaping the owner
       field.  But we already discussed this on neon's dev list, and
       you added it to your to-do list.  No big deal.


Tweaked Status Quo:


1. Try xml-escaping the outbound comment:

       nlock->owner = ne_strdup(apr_xml_quote_string(pool, comment, 1));

    And from the commandline, the lock works:

       $ svn lock Foo.java -m "this <is> a comment."
       'Foo.java' locked by user 'sussman'.

2. Ethereal shows me that the outbound comment is indeed xml-escaped:

LOCK /svn/testrepos/Foo.java HTTP/1.1
Host: localhost
User-Agent: SVN/1.2.0 (dev build) neon/0.24.7
Connection: TE
TE: trailers
Content-Length: 188
Content-Type: application/xml
Depth: 0
Authorization: Basic c3Vzc21hbjpibG9ydA==
X-SVN-Options: svn-client-lock
X-SVN-Version-Name: 31

<?xml version="1.0" encoding="utf-8"?>
<lockinfo xmlns='DAV:'>
  <lockscope><exclusive/></lockscope>
<locktype><write/></locktype><owner>this &lt;is&gt; a comment.</owner>
</lockinfo>


3. Meanwhile, back in httpd, here's the incoming lock that mod_dav is
    handing to mod_dav_svn, expecting it to be stored in the repository:

(gdb) p *dlock
$1 = {
   rectype = DAV_LOCKREC_DIRECT,
   is_locknull = 1,
   scope = DAV_LOCKSCOPE_EXCLUSIVE,
   type = DAV_LOCKTYPE_WRITE,
   depth = 0,
   timeout = 0,
   locktoken = 0x18d7e90,
   owner = 0x18d7f38 "<ns0:owner xmlns:ns0=\"DAV:\">this &lt;is&gt; a 
comment.</ns0:owner>",
   auth_user = 0x18d7f90 "sussman",
   info = 0x0,
   next = 0x0
}

        ... sure looks like the comment is still xml-escaped!

So... how is this possible?



Mime
View raw message