##// END OF EJS Templates
hgweb: remove support for POST form data (BC)...
hgweb: remove support for POST form data (BC) Previously, we called out to cgi.parse(), which for POST requests parsed multipart/form-data and application/x-www-form-urlencoded Content-Type requests for form data, combined it with query string parameters, returned a union of the values. As far as I know, nothing in Mercurial actually uses this mechanism to submit data to the HTTP server. The wire protocol has its own mechanism for passing parameters. And the web interface only does GET requests. Removing support for parsing POST data doesn't break any tests. Another reason to not like this feature is that cgi.parse() may modify the QUERY_STRING environment variable as a side-effect. In addition, it merges both POST data and the query string into one data structure. This prevents consumers from knowing whether a variable came from the query string or POST data. That can matter for some operations. I suspect we use cgi.parse() because back when this code was initially implemented, it was the function that was readily available. In other words, I don't think there was conscious choice to support POST data: we just got it because cgi.parse() supported it. Since nothing uses the feature and it is untested, let's remove support for parsing POST form data. We can add it back in easily enough if we need it in the future. .. bc:: Hgweb no longer reads form data in POST requests from multipart/form-data and application/x-www-form-urlencoded requests. Arguments should be specified as URL path components or in the query string in the URL instead. Differential Revision: https://phab.mercurial-scm.org/D2774

File last commit:

r36819:66de4555 default
r36874:01f6bba6 default
Show More
wireprototypes.py
157 lines | 4.6 KiB | text/x-python | PythonLexer
Gregory Szorc
wireprototypes: move wire protocol response types to new module...
r36090 # Copyright 2018 Gregory Szorc <gregory.szorc@gmail.com>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.
from __future__ import absolute_import
Gregory Szorc
wireprototypes: move baseprotocolhandler from wireprotoserver...
r36389 import abc
Gregory Szorc
wireprotoserver: move SSHV1 and SSHV2 constants to wireprototypes...
r36553 # Names of the SSH protocol implementations.
SSHV1 = 'ssh-v1'
# This is advertised over the wire. Incremental the counter at the end
# to reflect BC breakages.
SSHV2 = 'exp-ssh-v2-0001'
Gregory Szorc
wireproto: allow wire protocol commands to declare transport support...
r36627 # All available wire protocol transports.
TRANSPORTS = {
SSHV1: {
'transport': 'ssh',
'version': 1,
},
SSHV2: {
'transport': 'ssh',
'version': 2,
},
'http-v1': {
'transport': 'http',
'version': 1,
}
}
Gregory Szorc
wireproto: introduce type for raw byte responses (API)...
r36091 class bytesresponse(object):
"""A wire protocol response consisting of raw bytes."""
def __init__(self, data):
self.data = data
Gregory Szorc
wireprototypes: move wire protocol response types to new module...
r36090 class ooberror(object):
"""wireproto reply: failure of a batch of operation
Something failed during a batch call. The error message is stored in
`self.message`.
"""
def __init__(self, message):
self.message = message
class pushres(object):
"""wireproto reply: success with simple integer return
The call was successful and returned an integer contained in `self.res`.
"""
def __init__(self, res, output):
self.res = res
self.output = output
class pusherr(object):
"""wireproto reply: failure
The call failed. The `self.res` attribute contains the error message.
"""
def __init__(self, res, output):
self.res = res
self.output = output
class streamres(object):
"""wireproto reply: binary stream
The call was successful and the result is a stream.
Accepts a generator containing chunks of data to be sent to the client.
``prefer_uncompressed`` indicates that the data is expected to be
uncompressable and that the stream should therefore use the ``none``
engine.
"""
def __init__(self, gen=None, prefer_uncompressed=False):
self.gen = gen
self.prefer_uncompressed = prefer_uncompressed
class streamreslegacy(object):
"""wireproto reply: uncompressed binary stream
The call was successful and the result is a stream.
Accepts a generator containing chunks of data to be sent to the client.
Like ``streamres``, but sends an uncompressed data for "version 1" clients
using the application/mercurial-0.1 media type.
"""
def __init__(self, gen=None):
self.gen = gen
Gregory Szorc
wireprototypes: move baseprotocolhandler from wireprotoserver...
r36389
class baseprotocolhandler(object):
"""Abstract base class for wire protocol handlers.
A wire protocol handler serves as an interface between protocol command
handlers and the wire protocol transport layer. Protocol handlers provide
methods to read command arguments, redirect stdio for the duration of
the request, handle response types, etc.
"""
__metaclass__ = abc.ABCMeta
@abc.abstractproperty
def name(self):
"""The name of the protocol implementation.
Used for uniquely identifying the transport type.
"""
@abc.abstractmethod
def getargs(self, args):
"""return the value for arguments in <args>
returns a list of values (same order as <args>)"""
@abc.abstractmethod
def forwardpayload(self, fp):
"""Read the raw payload and forward to a file.
The payload is read in full before the function returns.
"""
@abc.abstractmethod
def mayberedirectstdio(self):
"""Context manager to possibly redirect stdio.
The context manager yields a file-object like object that receives
stdout and stderr output when the context manager is active. Or it
yields ``None`` if no I/O redirection occurs.
The intent of this context manager is to capture stdio output
so it may be sent in the response. Some transports support streaming
stdio to the client in real time. For these transports, stdio output
won't be captured.
"""
@abc.abstractmethod
def client(self):
"""Returns a string representation of this client (as bytes)."""
Gregory Szorc
wireproto: add transport specific capabilities in the transport...
r36631
@abc.abstractmethod
def addcapabilities(self, repo, caps):
"""Adds advertised capabilities specific to this protocol.
Receives the list of capabilities collected so far.
Returns a list of capabilities. The passed in argument can be returned.
"""
Gregory Szorc
wireproto: formalize permissions checking as part of protocol interface...
r36819
@abc.abstractmethod
def checkperm(self, perm):
"""Validate that the client has permissions to perform a request.
The argument is the permission required to proceed. If the client
doesn't have that permission, the exception should raise or abort
in a protocol specific manner.
"""