# HG changeset patch # User Marcin Kuzminski # Date 2018-12-23 19:37:05 # Node ID e2c979bce8420a56e1391d83800499bb7ec9f269 # Parent 1fb993c1ee05d54a9a3b25ca0ac6708588824537 vcs: handle excessive slashes in from of the repo name path, fixes #5522 diff --git a/rhodecode/lib/middleware/simplehg.py b/rhodecode/lib/middleware/simplehg.py --- a/rhodecode/lib/middleware/simplehg.py +++ b/rhodecode/lib/middleware/simplehg.py @@ -44,7 +44,11 @@ class SimpleHg(simplevcs.SimpleVCS): :param environ: environ where PATH_INFO is stored """ - return environ['PATH_INFO'].strip('/') + repo_name = environ['PATH_INFO'] + if repo_name and repo_name.startswith('/'): + # remove only the first leading / + repo_name = repo_name[1:] + return repo_name.rstrip('/') _ACTION_MAPPING = { 'changegroup': 'pull', @@ -147,8 +151,7 @@ class SimpleHg(simplevcs.SimpleVCS): return default def _create_wsgi_app(self, repo_path, repo_name, config): - return self.scm_app.create_hg_wsgi_app( - repo_path, repo_name, config) + return self.scm_app.create_hg_wsgi_app(repo_path, repo_name, config) def _create_config(self, extras, repo_name): config = utils.make_db_config(repo=repo_name) diff --git a/rhodecode/lib/middleware/simplevcs.py b/rhodecode/lib/middleware/simplevcs.py --- a/rhodecode/lib/middleware/simplevcs.py +++ b/rhodecode/lib/middleware/simplevcs.py @@ -153,12 +153,10 @@ class SimpleVCS(object): @property def base_path(self): - settings_path = self.repo_vcs_config.get( - *VcsSettingsModel.PATH_SETTING) + settings_path = self.repo_vcs_config.get(*VcsSettingsModel.PATH_SETTING) if not settings_path: - settings_path = self.global_vcs_config.get( - *VcsSettingsModel.PATH_SETTING) + settings_path = self.global_vcs_config.get(*VcsSettingsModel.PATH_SETTING) if not settings_path: # try, maybe we passed in explicitly as config option @@ -396,7 +394,6 @@ class SimpleVCS(object): meta.Session.remove() def _handle_request(self, environ, start_response): - if not self._check_ssl(environ, start_response): reason = ('SSL required, while RhodeCode was unable ' 'to detect this as SSL request') @@ -514,8 +511,7 @@ class SimpleVCS(object): plugin_cache_active, cache_ttl = auth_result.get( 'auth_data', {}).get('_ttl_cache') or (False, 0) else: - return auth_result.wsgi_application( - environ, start_response) + return auth_result.wsgi_application(environ, start_response) # ============================================================== # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME diff --git a/rhodecode/tests/vcs_operations/test_vcs_operations.py b/rhodecode/tests/vcs_operations/test_vcs_operations.py --- a/rhodecode/tests/vcs_operations/test_vcs_operations.py +++ b/rhodecode/tests/vcs_operations/test_vcs_operations.py @@ -141,6 +141,16 @@ class TestVCSOperations(object): stdout, stderr = Command('/tmp').execute('git clone', clone_url) assert 'not found' in stderr + def test_clone_hg_with_slashes(self, rc_web_server, tmpdir): + clone_url = rc_web_server.repo_clone_url('//' + HG_REPO) + stdout, stderr = Command('/tmp').execute('hg clone', clone_url, tmpdir.strpath) + assert 'HTTP Error 404: Not Found' in stderr + + def test_clone_git_with_slashes(self, rc_web_server, tmpdir): + clone_url = rc_web_server.repo_clone_url('//' + GIT_REPO) + stdout, stderr = Command('/tmp').execute('git clone', clone_url) + assert 'not found' in stderr + def test_clone_existing_path_hg_not_in_database( self, rc_web_server, tmpdir, fs_repo_only):