dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
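
One way a shared-ssh forced-command wrapper can defend against the repository names the commit message warns about, as an added example that is not code from Mercurial or hg-ssh. The function name `check_hg_command`, the `ALLOWED_REPOS` list and the sample repository names are assumptions, and the example goes beyond the message by also rejecting absolute paths, `..` and anything not on an allowlist.

```sh
#!/bin/sh
# Added example; hypothetical names throughout, not Mercurial's own code.
# Validates the command an ssh client requested (normally the value of
# $SSH_ORIGINAL_COMMAND) before anything is handed to hg.
# On success prints the repository path and returns 0; otherwise returns 1.

ALLOWED_REPOS="projects/alpha projects/beta"   # constructed sample allowlist

check_hg_command() {
    cmd=$1
    # Split on whitespace only, with globbing disabled. Nothing is eval'ed,
    # so quotes and shell metacharacters in the request are never interpreted.
    set -f
    set -- $cmd
    set +f

    # Accept exactly: hg -R <repo> serve --stdio (five words, nothing extra,
    # so no trailing option can be smuggled in after --stdio).
    [ $# -eq 5 ] || return 1
    [ "$1" = hg ] && [ "$2" = -R ] && [ "$4" = serve ] && [ "$5" = --stdio ] || return 1
    repo=$3

    case $repo in
        -*) return 1 ;;        # '--debugger', '--config...', any option-like name
        /*|*..*) return 1 ;;   # absolute paths and any name containing '..'
    esac

    # Final gate: the name must match an allowlisted repository exactly.
    for allowed in $ALLOWED_REPOS; do
        if [ "$repo" = "$allowed" ]; then
            printf '%s\n' "$repo"
            return 0
        fi
    done
    return 1
}

# Sketch of use from an authorized_keys forced command:
#   repo=$(check_hg_command "$SSH_ORIGINAL_COMMAND") || exit 255
#   exec hg -R "$repo" serve --stdio
```

Extra configuration such as read-only hooks still has to reach Mercurial through ui.setconfig() or an hgrc file, as the commit message describes, not through `--config` on this command line.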

File last commit:

r26781:1aee2ab0 default
r32050:77eaf953 4.1.3 stable
hgeditor
56 lines | 1.2 KiB | text/plain | TextLexer
Thomas Arendsen Hein
Remove bashisms and use /bin/sh instead of /bin/bash....
r544 #!/bin/sh
mpm@selenic.com
Add $HGEDITOR hook and example script...
r186 #
Benoit Boissinot
remove the gpg stuff from hgeditor (superseded by the signing extension)...
r1599 # This is an example of using HGEDITOR to create a diff to review the
Mads Kiilerich
spelling: trivial spell checking
r26781 # changes while committing.
Matt Mackall
Turn off signing with hgeditor by default...
r684
Radoslaw "AstralStorm" Szkodzinski
hgeditor: Remove EMAIL default for HGUSER, comment editor selection ...
r666 # If you want to pass your favourite editor some other parameters
# only for Mercurial, modify this:
Thomas Arendsen Hein
Replaced mktemp and usage of ${par:=word}.
r796 case "${EDITOR}" in
    "")
        EDITOR="vi"
        ;;
Thomas Arendsen Hein
Improved hgeditor:...
r348 emacs)
        EDITOR="$EDITOR -nw"
        ;;
    gvim|vim)
        EDITOR="$EDITOR -f -o"
        ;;
esac
Thomas Arendsen Hein
Replaced mktemp and usage of ${par:=word}.
r796
HGTMP=""
cleanup_exit() {
    rm -rf "$HGTMP"
}
Thomas Arendsen Hein
Fixes and cleanups to hgeditor:...
r754 # Remove temporary files even if we get interrupted
Thomas Arendsen Hein
Cleaned up trap handling:...
r831 trap "cleanup_exit" 0 # normal exit
Javi Merino
Fixed a bashism with trap numbers in hgeditor....
r11190 trap "exit 255" HUP INT QUIT ABRT TERM
Thomas Arendsen Hein
Replaced mktemp and usage of ${par:=word}.
r796
Javi Merino
Fixed a bashism with the use of $RANDOM in hgeditor....
r11266 HGTMP=$(mktemp -d "${TMPDIR-/tmp}/hgeditor.XXXXXX")
[ "x$HGTMP" != x -a -d "$HGTMP" ] || {
    echo "Could not create temporary directory! Exiting." 1>&2
    exit 1
Thomas Arendsen Hein
Replaced mktemp and usage of ${par:=word}.
r796 }
Thomas Arendsen Hein
Fixes and cleanups to hgeditor:...
r754 (
    grep '^HG: changed' "$1" | cut -b 13- | while IFS= read -r changed; do
Thomas Arendsen Hein
hgeditor: Use $HG to run 'hg diff' (see 849f011dbf79)
r4687 "$HG" diff "$changed" >> "$HGTMP/diff"
Thomas Arendsen Hein
Fixes and cleanups to hgeditor:...
r754 done
)
Thomas Arendsen Hein
Improved hgeditor:...
r348
Benoit Boissinot
remove the gpg stuff from hgeditor (superseded by the signing extension)...
r1599 cat "$1" > "$HGTMP/msg"
Matt Mackall
Turn off signing with hgeditor by default...
r684
Will Maier
Find the system's MD5 binary....
r3025 MD5=$(which md5sum 2>/dev/null) || \
Thomas Arendsen Hein
Kill trailing spaces
r4659 MD5=$(which md5 2>/dev/null)
Will Maier
Find the system's MD5 binary....
r3025 [ -x "${MD5}" ] && CHECKSUM=`${MD5} "$HGTMP/msg"`
Thomas Arendsen Hein
Don't show the diff in hgeditor if there are no changes in file contents.
r1009 if [ -s "$HGTMP/diff" ]; then
    $EDITOR "$HGTMP/msg" "$HGTMP/diff" || exit $?
else
    $EDITOR "$HGTMP/msg" || exit $?
fi
Will Maier
Find the system's MD5 binary....
r3025 [ -x "${MD5}" ] && (echo "$CHECKSUM" | ${MD5} -c >/dev/null 2>&1 && exit 13)
Thomas Arendsen Hein
Fixes and cleanups to hgeditor:...
r754
Benoit Boissinot
remove the gpg stuff from hgeditor (superseded by the signing extension)...
r1599 mv "$HGTMP/msg" "$1"
Thomas Arendsen Hein
Improved hgeditor:...
r348
Thomas Arendsen Hein
Cleaned up trap handling:...
r831 exit $?