##// END OF EJS Templates
hgweb: fix trust of templates path (BC)...
hgweb: fix trust of templates path (BC) Long ago we disabled trust of the templates path with a comment describing the (insecure) behavior before the change. At some later refactor, the code was apparently changed back to match the comment, unaware that the intent of the comment was to describe the behavior to avoid. This change disables the trust and updates the comment to explicitly say not only what the old problem was, but also that it was in fact a problem and the action taken to prevent it. Impact: prior to this change, if you had a UNIX-based hgweb server where users can write hgrc files, those users could potentially read any file readable by the web server. This is marked as a backwards compatibility issue because people may have configured templates without proper trust settings. Issue spotted by Greg Szorc.

File last commit:

r22023:f1883065 default
r26120:1a45e49a 3.5.1 stable
Show More
simplemerge
66 lines | 2.1 KiB | text/plain | TextLexer
Alexis S. L. Carvalho
actually port simplemerge to hg...
r4363 #!/usr/bin/env python
Alexis S. L. Carvalho
Import 3-way merge code from bzr...
r4362
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 from mercurial import demandimport
demandimport.enable()
Alexis S. L. Carvalho
Import 3-way merge code from bzr...
r4362
Simon Heimberg
cleanup: drop unused variables and an unused import
r19378 import sys
Alexis S. L. Carvalho
actually port simplemerge to hg...
r4363 from mercurial.i18n import _
Steve Borho
simplemerge: use ui.warn() for warnings
r8269 from mercurial import simplemerge, fancyopts, util, ui
Alexis S. L. Carvalho
Import 3-way merge code from bzr...
r4362
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 options = [('L', 'label', [], _('labels to use on conflict markers')),
('a', 'text', None, _('treat all files as text')),
('p', 'print', None,
_('print results instead of overwriting LOCAL')),
Pierre-Yves David
simplemerge: burn "minimal" feature to the ground...
r22023 ('', 'no-minimal', None, _('no effect (DEPRECATED)')),
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 ('h', 'help', None, _('display help and exit')),
('q', 'quiet', None, _('suppress output'))]
usage = _('''simplemerge [OPTS] LOCAL BASE OTHER
Simple three-way file merge utility with a minimal feature set.
Thomas Arendsen Hein
Remove trailing spaces
r5081
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 Apply to LOCAL the changes necessary to go from BASE to OTHER.
Thomas Arendsen Hein
Remove trailing spaces
r5081
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 By default, LOCAL is overwritten with the results of this operation.
''')
Matt Mackall
merge: move the bulk of simplemerge into core...
r6002 class ParseError(Exception):
"""Exception raised on errors in parsing the command line."""
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 def showhelp():
sys.stdout.write(usage)
sys.stdout.write('\noptions:\n')
Alexis S. L. Carvalho
Import 3-way merge code from bzr...
r4362
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 out_opts = []
for shortopt, longopt, default, desc in options:
out_opts.append(('%2s%s' % (shortopt and '-%s' % shortopt,
longopt and ' --%s' % longopt),
'%s' % desc))
opts_len = max([len(opt[0]) for opt in out_opts])
for first, second in out_opts:
sys.stdout.write(' %-*s %s\n' % (opts_len, first, second))
Matt Mackall
merge: move the bulk of simplemerge into core...
r6002 try:
Patrick Mezard
tests: Windows compatibility fixes...
r7080 for fp in (sys.stdin, sys.stdout, sys.stderr):
Adrian Buehlmann
rename util.set_binary to setbinary
r14233 util.setbinary(fp)
Mads Kiilerich
tests: run check-code on Python files without .py extension
r19022
Matt Mackall
merge: move the bulk of simplemerge into core...
r6002 opts = {}
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 try:
Matt Mackall
merge: move the bulk of simplemerge into core...
r6002 args = fancyopts.fancyopts(sys.argv[1:], options, opts)
except fancyopts.getopt.GetoptError, e:
raise ParseError(e)
if opts['help']:
Alexis S. L. Carvalho
polish the simplemerge command; add a test
r4364 showhelp()
Matt Mackall
merge: move the bulk of simplemerge into core...
r6002 sys.exit(0)
if len(args) != 3:
raise ParseError(_('wrong number of arguments'))
Steve Borho
simplemerge: use ui.warn() for warnings
r8269 sys.exit(simplemerge.simplemerge(ui.ui(), *args, **opts))
Matt Mackall
merge: move the bulk of simplemerge into core...
r6002 except ParseError, e:
sys.stdout.write("%s: %s\n" % (sys.argv[0], e))
showhelp()
sys.exit(1)
except util.Abort, e:
sys.stderr.write("abort: %s\n" % e)
sys.exit(255)
except KeyboardInterrupt:
sys.exit(255)