##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC)...
subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC) CVE-2016-3068 (1/1) Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. This feature allows implementing simple git smart transports with a single shell shell command. However, git submodules could clone arbitrary URLs specified in the .gitmodules file. This was reported as CVE-2015-7545 and fixed in git v2.6.1. However, if a user directly clones a malicious ext URL, the git client will still run arbitrary shell commands. Mercurial is similarly effected. Mercurial allows specifying git repositories as subrepositories. Git ext:: URLs can be specified as Mercurial subrepositories allowing arbitrary shell commands to be run on `hg clone ...`. The Mercurial community would like to thank Blake Burkhart for reporting this issue. The description of the issue is copied from Blake's report. This commit changes submodules to pass the GIT_ALLOW_PROTOCOL env variable to git commands with the same list of allowed protocols that git submodule is using. When the GIT_ALLOW_PROTOCOL env variable is already set, we just pass it to git without modifications.
Gregory Szorc - - Load All Authors

File last commit:

r25955:2c07c688 default
r28658:34d43cb8 stable
Show More
i18n.py
96 lines | 3.3 KiB | text/x-python | PythonLexer
/ mercurial / i18n.py
History | Source | Raw |Copy content |Copy permalink
Martin Geisler
put license and copyright info into comment blocks
 r8226 # i18n.py - internationalization support for mercurial
#
# Copyright 2005, 2006 Matt Mackall <mpm@selenic.com>
#
# This software may be used and distributed according to the terms of the
Matt Mackall
Update license to GPLv2+
 r10263 # GNU General Public License version 2 or any later version.
Benoit Boissinot
i18n first part: make '_' available for files who need it
 r1400
Gregory Szorc
i18n: use absolute_import
 r25955 from __future__ import absolute_import
import gettext as gettextmod
import locale
import os
import sys
from . import encoding
Martin Geisler
i18n: lookup .mo files in private locale/ directory...
 r7650
# modelled after templater.templatepath:
Augie Fackler
i18n: use getattr instead of hasattr...
 r14975 if getattr(sys, 'frozen', None) is not None:
Martin Geisler
i18n: lookup .mo files in private locale/ directory...
 r7650 module = sys.executable
else:
module = __file__
Yuya Nishihara
i18n: detect UI language without POSIX-style locale variable on Windows (BC)...
 r21987 _languages = None
if (os.name == 'nt'
and 'LANGUAGE' not in os.environ
and 'LC_ALL' not in os.environ
and 'LC_MESSAGES' not in os.environ
and 'LANG' not in os.environ):
# Try to detect UI language by "User Interface Language Management" API
# if no locale variables are set. Note that locale.getdefaultlocale()
# uses GetLocaleInfo(), which may be different from UI language.
# (See http://msdn.microsoft.com/en-us/library/dd374098(v=VS.85).aspx )
try:
import ctypes
langid = ctypes.windll.kernel32.GetUserDefaultUILanguage()
_languages = [locale.windows_locale[langid]]
except (ImportError, AttributeError, KeyError):
# ctypes not found or unknown langid
pass
Mads Kiilerich
i18n: use datapath for i18n like for templates and help...
 r22638 _ugettext = None
def setdatapath(datapath):
localedir = os.path.join(datapath, 'locale')
t = gettextmod.translation('hg', localedir, _languages, fallback=True)
global _ugettext
_ugettext = t.ugettext
Martin Geisler
i18n: encode output in user's local encoding...
 r7651
Augie Fackler
i18n: cache the result of every gettext call...
 r23031 _msgcache = {}
Martin Geisler
i18n: encode output in user's local encoding...
 r7651 def gettext(message):
"""Translate message.
The message is looked up in the catalog to get a Unicode string,
which is encoded in the local encoding before being returned.
Important: message is restricted to characters in the encoding
given by sys.getdefaultencoding() which is most likely 'ascii'.
"""
# If message is None, t.ugettext will return u'None' as the
# translation whereas our callers expect us to return None.
Mads Kiilerich
i18n: use datapath for i18n like for templates and help...
 r22638 if message is None or not _ugettext:
Martin Geisler
i18n: encode output in user's local encoding...
 r7651 return message
Augie Fackler
i18n: cache the result of every gettext call...
 r23031 if message not in _msgcache:
if type(message) is unicode:
# goofy unicode docstrings in test
paragraphs = message.split(u'\n\n')
else:
paragraphs = [p.decode("ascii") for p in message.split('\n\n')]
# Be careful not to translate the empty string -- it holds the
# meta data of the .po file.
u = u'\n\n'.join([p and _ugettext(p) or '' for p in paragraphs])
try:
# encoding.tolocal cannot be used since it will first try to
# decode the Unicode string. Calling u.decode(enc) really
# means u.encode(sys.getdefaultencoding()).decode(enc). Since
# the Python encoding defaults to 'ascii', this fails if the
# translated string use non-ASCII characters.
_msgcache[message] = u.encode(encoding.encoding, "replace")
except LookupError:
# An unknown encoding results in a LookupError.
_msgcache[message] = message
return _msgcache[message]
Martin Geisler
i18n: encode output in user's local encoding...
 r7651
Brodie Rao
HGPLAIN: allow exceptions to plain mode, like i18n, via HGPLAINEXCEPT...
 r13849 def _plain():
if 'HGPLAIN' not in os.environ and 'HGPLAINEXCEPT' not in os.environ:
return False
exceptions = os.environ.get('HGPLAINEXCEPT', '').strip().split(',')
return 'i18n' not in exceptions
if _plain():
Brodie Rao
ui: add HGPLAIN environment variable for easier scripting...
 r10455 _ = lambda message: message
else:
_ = gettext