It appears that there are some issues with tainting that I do not understand. 
Thanks to sebb for sorting the immediate issues that kept the tool from 
working. I still do not understand why the coi.cgi script worked locally with 
setupmymac but failed when running in the whimsy server environment.

The problems that I had raise some higher-level issues worth discussing.

There are at least three ways I know of to use svn from cgi scripts:
- construct svn commands and call the system to execute them
- use svn to prepare svn commands and execute them
- use svn_ to prepare svn commands and execute them

User and password are available as global constants $USER and $PASSWORD. But 
they are also available in some environments via the "_" variable and ENV.

I'd like to have some best practices documented:

Which technique for executing svn is appropriate?

How should credentials be passed from one layer to the next? 

Which code should be responsible for untainting variables?

And while we are discussing structure of code, what kinds of things are 
appropriate for "top level" execution in the cgi script (outside of a function 
definition)? What things are appropriate for inside functions? What things are 
appropriate for directly executing within the _html section, the _body section, 
the _whimsy_body section, and the do block following the _whimsy_body section?

Craig L Russell
c...@apache.org
