[shibboleth-sp2] 55/89: Add some commenting

Ferenc Wágner wferi at moszumanska.debian.org
Thu Sep 1 09:24:09 UTC 2016 

This is an automated email from the git hooks/post-receive script.

wferi pushed a commit to branch master
in repository shibboleth-sp2.

commit 18ec48c2966f771d7b530b3c471d621289b823cb
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Mon Jun 13 09:52:23 2016 -0400

    Add some commenting
---
 shibsp/impl/XMLRequestMapper.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/shibsp/impl/XMLRequestMapper.cpp b/shibsp/impl/XMLRequestMapper.cpp
index ee23a9e..d32eb97 100644
--- a/shibsp/impl/XMLRequestMapper.cpp
+++ b/shibsp/impl/XMLRequestMapper.cpp
@@ -157,7 +157,6 @@ namespace shibsp {
     static const XMLCh _AccessControl[] =           UNICODE_LITERAL_13(A,c,c,e,s,s,C,o,n,t,r,o,l);
     static const XMLCh AccessControlProvider[] =    UNICODE_LITERAL_21(A,c,c,e,s,s,C,o,n,t,r,o,l,P,r,o,v,i,d,e,r);
     static const XMLCh caseInsensitiveOption[] =    UNICODE_LITERAL_1(i);
-    static const XMLCh caseSensitiveAttr[] =        UNICODE_LITERAL_13(c,a,s,e,S,e,n,s,i,t,i,v,e);
     static const XMLCh Host[] =                     UNICODE_LITERAL_4(H,o,s,t);
     static const XMLCh HostRegex[] =                UNICODE_LITERAL_9(H,o,s,t,R,e,g,e,x);
     static const XMLCh htaccess[] =                 UNICODE_LITERAL_8(h,t,a,c,c,e,s,s);
@@ -319,9 +318,12 @@ Override::Override(bool unicodeAware, const DOMElement* e, Category& log, const
 
             bool caseSensitive;
             if (path && path->hasAttributeNS(nullptr, ignoreCase)) {
-                log.error("Legacy interpretation of PathRegex ignoreCase attribute has incorrect sense.  Use caseSensitive");
+                // In this one case, we've left ignoreCase reversed (true means case sensitive, false means insensitive).
+                // This was to protect people who followed the security advisory for SSPCPP-691 and reversed their setting.
+                log.error("Deprecated ignoreCase attribute in PathRegex element will be interpreted backwards. Replace with caseSensitive");
                 caseSensitive = XMLHelper::getAttrBool(path, true, ignoreCase);
             } else {
+                // If the old ignoreCase setting isn't set, then we just process normally.
                 caseSensitive = XMLHelper::getCaseSensitive(path, false);
             }
             try {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git

More information about the Pkg-shibboleth-devel mailing list