Author: stsp
Date: Tue Sep 3 14:14:19 2019
New Revision: 1866321
URL: http://svn.apache.org/viewvc?rev=1866321&view=rev
Log:
Use more of the new _safe variants of canonicalization functions.
This commit converts relpath function calls in svnserve.
* subversion/svnserve/serve.c
(set_path, delete_path, link_path, add_lock_tokens, unlock_paths, get_file,
get_dir, update, switch_cmd, status, diff, get_mergeinfo, log_cmd,
check_path, stat_cmd, get_locations, get_location_segments, get_file_revs,
lock, lock_many, unlock, unlock_many, get_lock, get_locks, get_deleted_rev,
get_inherited_props, list, find_repos): Use svn_relpath_canonicalize_safe()
instead of svn_relpath_canonicalize().
Modified:
subversion/trunk/subversion/svnserve/serve.c
Modified: subversion/trunk/subversion/svnserve/serve.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/svnserve/serve.c?rev=1866321&r1=1866320&r2=1866321&view=diff
==============================================================================
--- subversion/trunk/subversion/svnserve/serve.c (original)
+++ subversion/trunk/subversion/svnserve/serve.c Tue Sep 3 14:14:19 2019
@@ -860,7 +860,7 @@ static svn_error_t *set_path(svn_ra_svn_
svn_ra_svn__list_t *params, void *baton)
{
report_driver_baton_t *b = baton;
- const char *path, *lock_token, *depth_word;
+ const char *path, *lock_token, *depth_word, *canonical_relpath;
svn_revnum_t rev;
/* Default to infinity, for old clients that don't send depth. */
svn_depth_t depth = svn_depth_infinity;
@@ -871,7 +871,9 @@ static svn_error_t *set_path(svn_ra_svn_
&depth_word));
if (depth_word)
depth = svn_depth_from_word(depth_word);
- path = svn_relpath_canonicalize(path, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_relpath, NULL, path,
+ pool, pool));
+ path = canonical_relpath;
if (b->from_rev && strcmp(path, "") == 0)
*b->from_rev = rev;
if (!b->err)
@@ -887,10 +889,12 @@ static svn_error_t *delete_path(svn_ra_s
svn_ra_svn__list_t *params, void *baton)
{
report_driver_baton_t *b = baton;
- const char *path;
+ const char *path, *canonical_relpath;
SVN_ERR(svn_ra_svn__parse_tuple(params, "c", &path));
- path = svn_relpath_canonicalize(path, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_relpath, NULL, path,
+ pool, pool));
+ path = canonical_relpath;
if (!b->err)
b->err = svn_repos_delete_path(b->report_baton, path, pool);
return SVN_NO_ERROR;
@@ -901,6 +905,7 @@ static svn_error_t *link_path(svn_ra_svn
{
report_driver_baton_t *b = baton;
const char *path, *url, *lock_token, *fs_path, *depth_word, *canonical_url;
+ const char *canonical_path;
svn_revnum_t rev;
svn_boolean_t start_empty;
/* Default to infinity, for old clients that don't send depth. */
@@ -912,7 +917,10 @@ static svn_error_t *link_path(svn_ra_svn
/* ### WHAT?! The link path is an absolute URL?! Didn't see that
coming... -- cmpilato */
- path = svn_relpath_canonicalize(path, pool);
+
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
+ path = canonical_path;
SVN_ERR(svn_uri_canonicalize_safe(&canonical_url, NULL, url, pool, pool));
url = canonical_url;
if (depth_word)
@@ -1354,6 +1362,7 @@ add_lock_tokens(const svn_ra_svn__list_t
server_baton_t *sb,
apr_pool_t *pool)
{
+ const char *canonical_path;
int i;
svn_fs_access_t *fs_access;
@@ -1383,9 +1392,10 @@ add_lock_tokens(const svn_ra_svn__list_t
"Lock token isn't a string");
path = path_item->u.string.data;
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
full_path = svn_fspath__join(sb->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool),
- pool);
+ canonical_path, pool);
if (! lookup_access(pool, sb, svn_authz_write, full_path, TRUE))
return error_create_and_log(SVN_ERR_RA_NOT_AUTHORIZED, NULL, NULL,
@@ -1423,6 +1433,7 @@ unlock_paths(const svn_ra_svn__list_t *l
int i;
apr_pool_t *subpool = svn_pool_create(pool);
apr_hash_t *targets = apr_hash_make(subpool);
+ const char *canonical_path;
svn_error_t *err;
for (i = 0; i < lock_tokens->nelts; ++i)
@@ -1435,9 +1446,10 @@ unlock_paths(const svn_ra_svn__list_t *l
token_item = &SVN_RA_SVN__LIST_ITEM(&item->u.list, 1);
path = path_item->u.string.data;
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ subpool, subpool));
full_path = svn_fspath__join(sb->repository->fs_path->data,
- svn_relpath_canonicalize(path, subpool),
- subpool);
+ canonical_path, subpool);
token = token_item->u.string.data;
svn_hash_sets(targets, full_path, token);
}
@@ -1577,7 +1589,7 @@ get_file(svn_ra_svn_conn_t *conn,
void *baton)
{
server_baton_t *b = baton;
- const char *path, *full_path, *hex_digest;
+ const char *path, *full_path, *hex_digest, *canonical_path;
svn_revnum_t rev;
svn_fs_root_t *root;
svn_stream_t *contents;
@@ -1604,8 +1616,10 @@ get_file(svn_ra_svn_conn_t *conn,
if (wants_inherited_props == SVN_RA_SVN_UNSPECIFIED_NUMBER)
wants_inherited_props = FALSE;
- full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, pool,
+ pool));
+ full_path = svn_fspath__join(b->repository->fs_path->data, canonical_path,
+ pool);
/* Check authorizations */
SVN_ERR(must_have_access(conn, pool, b, svn_authz_read,
@@ -1762,7 +1776,7 @@ get_dir(svn_ra_svn_conn_t *conn,
void *baton)
{
server_baton_t *b = baton;
- const char *path, *full_path;
+ const char *path, *full_path, *canonical_path;
svn_revnum_t rev;
apr_hash_t *entries, *props = NULL;
apr_array_header_t *inherited_props;
@@ -1788,8 +1802,10 @@ get_dir(svn_ra_svn_conn_t *conn,
wants_inherited_props = FALSE;
SVN_ERR(parse_dirent_fields(&dirent_fields, dirent_fields_list));
- full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
+ full_path = svn_fspath__join(b->repository->fs_path->data, canonical_path,
+ pool);
/* Check authorizations */
SVN_ERR(must_have_access(conn, pool, b, svn_authz_read,
@@ -1936,7 +1952,7 @@ update(svn_ra_svn_conn_t *conn,
{
server_baton_t *b = baton;
svn_revnum_t rev;
- const char *target, *full_path, *depth_word;
+ const char *target, *full_path, *depth_word, *canonical_target;
svn_boolean_t recurse;
svn_tristate_t send_copyfrom_args; /* Optional; default FALSE */
svn_tristate_t ignore_ancestry; /* Optional; default FALSE */
@@ -1949,7 +1965,9 @@ update(svn_ra_svn_conn_t *conn,
SVN_ERR(svn_ra_svn__parse_tuple(params, "(?r)cb?w3?3", &rev, &target,
&recurse, &depth_word,
&send_copyfrom_args, &ignore_ancestry));
- target = svn_relpath_canonicalize(target, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target,
+ pool, pool));
+ target = canonical_target;
if (depth_word)
depth = svn_depth_from_word(depth_word);
@@ -1995,7 +2013,7 @@ switch_cmd(svn_ra_svn_conn_t *conn,
server_baton_t *b = baton;
svn_revnum_t rev;
const char *target, *depth_word;
- const char *switch_url, *switch_path, *canonical_url;
+ const char *switch_url, *switch_path, *canonical_url, *canonical_target;
svn_boolean_t recurse;
/* Default to unknown. Old clients won't send depth, but we'll
handle that by converting recurse if necessary. */
@@ -2007,7 +2025,9 @@ switch_cmd(svn_ra_svn_conn_t *conn,
SVN_ERR(svn_ra_svn__parse_tuple(params, "(?r)cbc?w?33", &rev, &target,
&recurse, &switch_url, &depth_word,
&send_copyfrom_args, &ignore_ancestry));
- target = svn_relpath_canonicalize(target, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target,
+ pool, pool));
+ target = canonical_target;
SVN_ERR(svn_uri_canonicalize_safe(&canonical_url, NULL, switch_url, pool,
pool));
switch_url = canonical_url;
@@ -2048,7 +2068,7 @@ status(svn_ra_svn_conn_t *conn,
{
server_baton_t *b = baton;
svn_revnum_t rev;
- const char *target, *depth_word;
+ const char *target, *depth_word, *canonical_target;
svn_boolean_t recurse;
/* Default to unknown. Old clients won't send depth, but we'll
handle that by converting recurse if necessary. */
@@ -2057,7 +2077,9 @@ status(svn_ra_svn_conn_t *conn,
/* Parse the arguments. */
SVN_ERR(svn_ra_svn__parse_tuple(params, "cb?(?r)?w",
&target, &recurse, &rev, &depth_word));
- target = svn_relpath_canonicalize(target, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target,
+ pool, pool));
+ target = canonical_target;
if (depth_word)
depth = svn_depth_from_word(depth_word);
@@ -2088,6 +2110,7 @@ diff(svn_ra_svn_conn_t *conn,
server_baton_t *b = baton;
svn_revnum_t rev;
const char *target, *versus_url, *versus_path, *depth_word, *canonical_url;
+ const char *canonical_target;
svn_boolean_t recurse, ignore_ancestry;
svn_boolean_t text_deltas;
/* Default to unknown. Old clients won't send depth, but we'll
@@ -2110,7 +2133,9 @@ diff(svn_ra_svn_conn_t *conn,
&ignore_ancestry, &versus_url,
&text_deltas, &depth_word));
}
- target = svn_relpath_canonicalize(target, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target,
+ pool, pool));
+ target = canonical_target;
SVN_ERR(svn_uri_canonicalize_safe(&canonical_url, NULL, versus_url,
pool, pool));
versus_url = canonical_url;
@@ -2238,13 +2263,15 @@ get_mergeinfo(svn_ra_svn_conn_t *conn,
for (i = 0; i < paths->nelts; i++)
{
svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(paths, i);
- const char *full_path;
+ const char *full_path, *canonical_path;
if (item->kind != SVN_RA_SVN_STRING)
return svn_error_create(SVN_ERR_RA_SVN_MALFORMED_DATA, NULL,
_("Path is not a string"));
- full_path = svn_relpath_canonicalize(item->u.string.data, pool);
- full_path = svn_fspath__join(b->repository->fs_path->data, full_path,
pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL,
+ item->u.string.data, pool, pool));
+ full_path = svn_fspath__join(b->repository->fs_path->data,
+ canonical_path, pool);
APR_ARRAY_PUSH(canonical_paths, const char *) = full_path;
}
@@ -2406,7 +2433,7 @@ log_cmd(svn_ra_svn_conn_t *conn,
svn_error_t *err, *write_err;
server_baton_t *b = baton;
svn_revnum_t start_rev, end_rev;
- const char *full_path;
+ const char *full_path, *canonical_path;
svn_boolean_t send_changed_paths, strict_node, include_merged_revisions;
apr_array_header_t *full_paths, *revprops;
svn_ra_svn__list_t *paths, *revprop_items;
@@ -2470,9 +2497,10 @@ log_cmd(svn_ra_svn_conn_t *conn,
if (elt->kind != SVN_RA_SVN_STRING)
return svn_error_create(SVN_ERR_RA_SVN_MALFORMED_DATA, NULL,
_("Log path entry not a string"));
- full_path = svn_relpath_canonicalize(elt->u.string.data, pool),
- full_path = svn_fspath__join(b->repository->fs_path->data, full_path,
- pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL,
+ elt->u.string.data, pool, pool));
+ full_path = svn_fspath__join(b->repository->fs_path->data,
+ canonical_path, pool);
APR_ARRAY_PUSH(full_paths, const char *) = full_path;
}
SVN_ERR(trivial_auth_request(conn, pool, b));
@@ -2515,13 +2543,15 @@ check_path(svn_ra_svn_conn_t *conn,
{
server_baton_t *b = baton;
svn_revnum_t rev;
- const char *path, *full_path;
+ const char *path, *full_path, *canonical_path;
svn_fs_root_t *root;
svn_node_kind_t kind;
SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)", &path, &rev));
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));;
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ canonical_path, pool);
/* Check authorizations */
SVN_ERR(must_have_access(conn, pool, b, svn_authz_read,
@@ -2548,13 +2578,15 @@ stat_cmd(svn_ra_svn_conn_t *conn,
{
server_baton_t *b = baton;
svn_revnum_t rev;
- const char *path, *full_path, *cdate;
+ const char *path, *full_path, *cdate, *canonical_path;
svn_fs_root_t *root;
svn_dirent_t *dirent;
SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)", &path, &rev));
- full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, pool,
+ pool));
+ full_path = svn_fspath__join(b->repository->fs_path->data, canonical_path,
+ pool);
/* Check authorizations */
SVN_ERR(must_have_access(conn, pool, b, svn_authz_read,
@@ -2603,7 +2635,7 @@ get_locations(svn_ra_svn_conn_t *conn,
svn_ra_svn__list_t *loc_revs_proto;
svn_ra_svn__item_t *elt;
int i;
- const char *relative_path;
+ const char *relative_path, *canonical_path;
svn_revnum_t peg_revision;
apr_hash_t *fs_locations;
const char *abs_path;
@@ -2616,7 +2648,9 @@ get_locations(svn_ra_svn_conn_t *conn,
SVN_ERR(svn_ra_svn__parse_tuple(params, "crl", &relative_path,
&peg_revision,
&loc_revs_proto));
- relative_path = svn_relpath_canonicalize(relative_path, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, relative_path,
+ pool, pool));
+ relative_path = canonical_path;
abs_path = svn_fspath__join(b->repository->fs_path->data, relative_path,
pool);
@@ -2702,7 +2736,7 @@ get_location_segments(svn_ra_svn_conn_t
svn_error_t *err, *write_err;
server_baton_t *b = baton;
svn_revnum_t peg_revision, start_rev, end_rev;
- const char *relative_path;
+ const char *relative_path, *canonical_path;
const char *abs_path;
authz_baton_t ab;
@@ -2713,7 +2747,9 @@ get_location_segments(svn_ra_svn_conn_t
SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)(?r)(?r)",
&relative_path, &peg_revision,
&start_rev, &end_rev));
- relative_path = svn_relpath_canonicalize(relative_path, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, relative_path,
+ pool, pool));
+ relative_path = canonical_path;
abs_path = svn_fspath__join(b->repository->fs_path->data, relative_path,
pool);
@@ -2865,6 +2901,7 @@ get_file_revs(svn_ra_svn_conn_t *conn,
svn_revnum_t start_rev, end_rev;
const char *path;
const char *full_path;
+ const char *canonical_path;
apr_uint64_t include_merged_revs_param;
svn_boolean_t include_merged_revisions;
authz_baton_t ab;
@@ -2876,7 +2913,9 @@ get_file_revs(svn_ra_svn_conn_t *conn,
SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)(?r)?B",
&path, &start_rev, &end_rev,
&include_merged_revs_param));
- path = svn_relpath_canonicalize(path, pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
+ path = canonical_path;
SVN_ERR(trivial_auth_request(conn, pool, b));
full_path = svn_fspath__join(b->repository->fs_path->data, path, pool);
@@ -2919,14 +2958,17 @@ lock(svn_ra_svn_conn_t *conn,
const char *path;
const char *comment;
const char *full_path;
+ const char *canonical_path;
svn_boolean_t steal_lock;
svn_revnum_t current_rev;
svn_lock_t *l;
SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?c)b(?r)", &path, &comment,
&steal_lock, ¤t_rev));
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));;
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ canonical_path, pool);
SVN_ERR(must_have_access(conn, pool, b, svn_authz_write,
full_path, TRUE));
@@ -3018,7 +3060,7 @@ lock_many(svn_ra_svn_conn_t *conn,
/* Parse the lock requests from PATH_REVS into TARGETS. */
for (i = 0; i < path_revs->nelts; ++i)
{
- const char *path, *full_path;
+ const char *path, *full_path, *canonical_path;
svn_revnum_t current_rev;
svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(path_revs, i);
svn_fs_lock_target_t *target;
@@ -3032,9 +3074,10 @@ lock_many(svn_ra_svn_conn_t *conn,
SVN_ERR(svn_ra_svn__parse_tuple(&item->u.list, "c(?r)", &path,
¤t_rev));
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ subpool, subpool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, subpool),
- pool);
+ canonical_path, pool);
target = svn_fs_lock_target_create(NULL, current_rev, pool);
/* Any duplicate paths, once canonicalized, get collapsed into a
@@ -3081,7 +3124,7 @@ lock_many(svn_ra_svn_conn_t *conn,
/* Return results in the same order as the paths were supplied. */
for (i = 0; i < path_revs->nelts; ++i)
{
- const char *path, *full_path;
+ const char *path, *full_path, *canonical_path;
svn_revnum_t current_rev;
svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(path_revs, i);
struct lock_result_t *result;
@@ -3093,9 +3136,10 @@ lock_many(svn_ra_svn_conn_t *conn,
if (write_err)
break;
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ subpool, subpool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, subpool),
- subpool);
+ canonical_path, subpool);
result = svn_hash_gets(lmb.results, full_path);
if (!result)
@@ -3150,14 +3194,16 @@ unlock(svn_ra_svn_conn_t *conn,
void *baton)
{
server_baton_t *b = baton;
- const char *path, *token, *full_path;
+ const char *path, *token, *full_path, *canonical_path;
svn_boolean_t break_lock;
SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?c)b", &path, &token,
&break_lock));
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ canonical_path, pool);
/* Username required unless break_lock was specified. */
SVN_ERR(must_have_access(conn, pool, b, svn_authz_write,
@@ -3201,7 +3247,7 @@ unlock_many(svn_ra_svn_conn_t *conn,
for (i = 0; i < unlock_tokens->nelts; i++)
{
svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(unlock_tokens, i);
- const char *path, *full_path, *token;
+ const char *path, *full_path, *token, *canonical_path;
svn_pool_clear(subpool);
@@ -3214,9 +3260,10 @@ unlock_many(svn_ra_svn_conn_t *conn,
if (!token)
token = "";
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ subpool, subpool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, subpool),
- pool);
+ canonical_path, pool);
/* Any duplicate paths, once canonicalized, get collapsed into a
single path that is processed once. The result is then
@@ -3261,7 +3308,7 @@ unlock_many(svn_ra_svn_conn_t *conn,
/* Return results in the same order as the paths were supplied. */
for (i = 0; i < unlock_tokens->nelts; ++i)
{
- const char *path, *token, *full_path;
+ const char *path, *token, *full_path, *canonical_path;
svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(unlock_tokens, i);
struct lock_result_t *result;
@@ -3272,9 +3319,10 @@ unlock_many(svn_ra_svn_conn_t *conn,
if (write_err)
break;
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ subpool, subpool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, subpool),
- pool);
+ canonical_path, pool);
result = svn_hash_gets(lmb.results, full_path);
if (!result)
@@ -3324,12 +3372,15 @@ get_lock(svn_ra_svn_conn_t *conn,
server_baton_t *b = baton;
const char *path;
const char *full_path;
+ const char *canonical_path;
svn_lock_t *l;
SVN_ERR(svn_ra_svn__parse_tuple(params, "c", &path));
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ canonical_path, pool);
SVN_ERR(must_have_access(conn, pool, b, svn_authz_read,
full_path, FALSE));
@@ -3355,6 +3406,7 @@ get_locks(svn_ra_svn_conn_t *conn,
server_baton_t *b = baton;
const char *path;
const char *full_path;
+ const char *canonical_path;
const char *depth_word;
svn_depth_t depth;
apr_hash_t *locks;
@@ -3378,8 +3430,10 @@ get_locks(svn_ra_svn_conn_t *conn,
return log_fail_and_flush(err, b, conn, pool);
}
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ canonical_path, pool);
SVN_ERR(trivial_auth_request(conn, pool, b));
@@ -3516,15 +3570,17 @@ get_deleted_rev(svn_ra_svn_conn_t *conn,
void *baton)
{
server_baton_t *b = baton;
- const char *path, *full_path;
+ const char *path, *full_path, *canonical_path;
svn_revnum_t peg_revision;
svn_revnum_t end_revision;
svn_revnum_t revision_deleted;
SVN_ERR(svn_ra_svn__parse_tuple(params, "crr",
&path, &peg_revision, &end_revision));
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ canonical_path, pool);
SVN_ERR(log_command(b, conn, pool, "get-deleted-rev"));
SVN_ERR(trivial_auth_request(conn, pool, b));
SVN_CMD_ERR(svn_repos_deleted_rev(b->repository->fs, full_path, peg_revision,
@@ -3553,7 +3609,7 @@ get_inherited_props(svn_ra_svn_conn_t *c
void *baton)
{
server_baton_t *b = baton;
- const char *path, *full_path;
+ const char *path, *full_path, *canonical_path;
svn_revnum_t rev;
svn_fs_root_t *root;
apr_array_header_t *inherited_props;
@@ -3568,9 +3624,10 @@ get_inherited_props(svn_ra_svn_conn_t *c
/* Parse arguments. */
SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)", &path, &rev));
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ iterpool, iterpool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, iterpool),
- pool);
+ canonical_path, pool);
/* Check authorizations */
SVN_ERR(must_have_access(conn, iterpool, b, svn_authz_read,
@@ -3643,7 +3700,7 @@ list(svn_ra_svn_conn_t *conn,
void *baton)
{
server_baton_t *b = baton;
- const char *path, *full_path;
+ const char *path, *full_path, *canonical_path;
svn_revnum_t rev;
svn_depth_t depth;
apr_array_header_t *patterns = NULL;
@@ -3669,8 +3726,10 @@ list(svn_ra_svn_conn_t *conn,
SVN_ERR(parse_dirent_fields(&rb.dirent_fields, dirent_fields_list));
depth = svn_depth_from_word(depth_word);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ pool, pool));
full_path = svn_fspath__join(b->repository->fs_path->data,
- svn_relpath_canonicalize(path, pool), pool);
+ canonical_path, pool);
/* Read the patterns list. */
if (patterns_list)
@@ -3833,7 +3892,7 @@ find_repos(const char *url,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool)
{
- const char *path, *full_path, *fs_path, *hooks_env;
+ const char *path, *full_path, *fs_path, *hooks_env, *canonical_path;
svn_stringbuf_t *url_buf;
svn_boolean_t sasl_requested;
@@ -3849,8 +3908,9 @@ find_repos(const char *url,
if (path == NULL)
path = "";
}
- path = svn_relpath_canonicalize(path, scratch_pool);
- path = svn_path_uri_decode(path, scratch_pool);
+ SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path,
+ scratch_pool, scratch_pool));
+ path = svn_path_uri_decode(canonical_path, scratch_pool);
/* Ensure that it isn't possible to escape the root by disallowing
'..' segments. */
