Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
all
-
None
-
None
Description
Proposal
Change the way section names are parsed in authz files, so that anything between the initial [ and the last ] are treated as the section name/rule pattern. This will restrict the use of inline comments on rules, but will allow fuller use of glob patterns.
Discussion
Wildcard rules in Subversion's authz file use apr_fnmatch() to match patterns to path segments. APR's matcher supports character classes ([A-Z] etc.), however, there is no way to use them in the authz file. For example, given this rule:
[:glob:/**/*.[Dd]oc] * = rw
the pattern will be parsed as "/**/*.[Dd", which is probably not what the user intended and matches, for example, "/path/x.[Dd" instead of the expected "/path/x.doc".
This limitation was present in the authz rules since their inception and is a side effect of how Subversion's config parser parses section names. See: parse_section_name() in libsvn_subr/config_file.c.