On 12.12.2018 19:07, Stefan Kueng wrote: > > > On 12.12.2018 13:55, TortoiseSVN-dev on behalf of Julian Foad wrote: >>>> Subversion encountered a serious problem. >>>> Please take the time to report this on the Subversion mailing list >> […] >>>> https://subversion.apache.org/mailing-lists.html >> >>> It is likely that this is a problem specific to TortoiseSVN, and not >>> to core SVN. TortoiseSVN has its own mailinglists, so you should >>> report your problem there: >> (Cross-posting.) > > Since this happens in the project monitor, my best guess is that the > path/url the user entered to be monitored is not correct. > >> >> It makes me sad every time I see this pattern. Software is often >> frustrating to use, but should at least aim to be polite to its >> users. Telling the user "Please do X" and then when the user does X >> saying "No, it's no good doing X; do Y" is not polite, and I would >> not expect anyone but the most calm, patient and helpful of users to >> gracefully comply with such a request. >> >> I'm not meaning to criticise Johan but rather our whole system. >> >> Can we please fix this problem. Both: >> 1) Tsvn please change the message. > > Sorry, won't do that. Because I've argued multiple times over the > years here that calling exit() or even abort() in a library is the > worst idea ever. Especially if this can happen by having the user > enter a wrong path/url.
It's not the user entering the wrong path or URL. It's the code that uses the Subversion libraries — in this case TSVN — not validating and de-tainting its input. Yes, this has been going on for years due to your obstinately refusing to conform to our API specs. In the meantime, *your* users are left hanging. The rules are clear and consistent: pointers may not be NULL unless specifically allowed, paths must be absolute and canonical, URLs must be canonical, all strings must be encoded in UTF-8. We provide a wide range of helper functions that make it easy for API consumers to encode the parameters. > Sorry if this message seems rude - but I'm tired of arguing the same > over and over again. You don't say. -- Brane
