1
Description: fix mod_dav_svn permissions bypass via incorrect resource URL
2
Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1130303
4
diff -Nur subversion-1.6.12dfsg/subversion/mod_dav_svn/authz.c subversion-1.6.12dfsg.new/subversion/mod_dav_svn/authz.c
5
--- subversion-1.6.12dfsg/subversion/mod_dav_svn/authz.c 2011-06-02 13:14:38.884514137 -0400
6
+++ subversion-1.6.12dfsg.new/subversion/mod_dav_svn/authz.c 2011-06-02 13:14:43.584514136 -0400
11
+ /* Sometimes we get paths that do not start with '/' and
12
+ hence below uri concatenation would lead to wrong uris .*/
13
+ if (path && path[0] != '/')
14
+ path = apr_pstrcat(pool, "/", path, NULL);
16
/* If bypass is specified and authz has exported the provider.
17
Otherwise, we fall through to the full version. This should be
18
safer than allowing or disallowing all accesses if there is a