Author: danielsh
Date: Wed Jun 29 22:25:35 2011
New Revision: 1141291
URL: http://svn.apache.org/viewvc?rev=1141291&view=rev
Log:
Don't allow arbitrary strings for the value of the 'SVNPathAuthz' directive.
* subversion/mod_dav_svn/mod_dav_svn.c
(SVNPathAuthz_cmd): Error out when value not in ['on', 'off',
'short_circuit'].
Modified:
subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c
Modified: subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c?rev=1141291&r1=1141290&r2=1141291&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c (original)
+++ subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c Wed Jun 29 22:25:35
2011
@@ -346,10 +346,14 @@ SVNPathAuthz_cmd(cmd_parms *cmd, void *c
AUTHZ_SVN__SUBREQ_BYPASS_PROV_VER);
}
}
- else
+ else if (apr_strnatcasecmp("on", arg1) == 0)
{
conf->path_authz_method = CONF_PATHAUTHZ_ON;
}
+ else
+ {
+ return "Unknown value for SVNPathAuthz directive";
+ }
return NULL;
}
