upstream/mercurial-mirror Files · i18n/hggettext

dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...

dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

Yuya Nishihara - - Load All Authors

File last commit:

r29720:041fecbb default


                r32050:77eaf953

4.1.3 stable

Download file

             hggettext
        
                    141 lines
            
             | 4.4 KiB
            
                | text/plain
            
             |
                TextLexer

/ i18n / hggettext

History | Source | Raw |Copy content |Copy permalink

Martin Geisler i18n: accurately generate hg.pot	r8542	#!/usr/bin/env python
		#
		# hggettext - carefully extract docstrings for Mercurial
		#
		# Copyright 2009 Matt Mackall <mpm@selenic.com> and others
		#
		# This software may be used and distributed according to the terms of the
Matt Mackall Update license to GPLv2+	r10263	# GNU General Public License version 2 or any later version.
Martin Geisler i18n: accurately generate hg.pot	r8542
		# The normalize function is taken from pygettext which is distributed
		# with Python under the Python License, which is GPL compatible.

		"""Extract docstrings from Mercurial commands.

		Compared to pygettext, this script knows about the cmdtable and table
		dictionaries used by Mercurial, and will only extract docstrings from
		functions mentioned therein.

		Use xgettext like normal to extract strings marked as translatable and
		join the message cataloges to get the final catalog.
		"""

Pulkit Goyal py3: make i18n/hggettext use print_function	r29171	from __future__ import absolute_import, print_function
Pulkit Goyal py3: make i18n/hggettext use absolute_import	r29170
		import inspect
		import os
		import sys
Martin Geisler i18n: accurately generate hg.pot	r8542

		def escape(s):
		# The order is important, the backslash must be escaped first
		# since the other replacements introduce new backslashes
		# themselves.
		s = s.replace('\\', '\\\\')
		s = s.replace('\n', '\\n')
		s = s.replace('\r', '\\r')
		s = s.replace('\t', '\\t')
		s = s.replace('"', '\\"')
		return s


		def normalize(s):
		# This converts the various Python string types into a format that
		# is appropriate for .po files, namely much closer to C style.
		lines = s.split('\n')
		if len(lines) == 1:
		s = '"' + escape(s) + '"'
		else:
		if not lines[-1]:
		del lines[-1]
		lines[-1] = lines[-1] + '\n'
		lines = map(escape, lines)
		lineterm = '\\n"\n"'
		s = '""\n"' + lineterm.join(lines) + '"'
		return s


		def poentry(path, lineno, s):
		return ('#: %s:%d\n' % (path, lineno) +
		'msgid %s\n' % normalize(s) +
		'msgstr ""\n')


		def offset(src, doc, name, default):
		"""Compute offset or issue a warning on stdout."""
		# Backslashes in doc appear doubled in src.
		end = src.find(doc.replace('\\', '\\\\'))
		if end == -1:
		# This can happen if the docstring contains unnecessary escape
		# sequences such as \" in a triple-quoted string. The problem
		# is that \" is turned into " and so doc wont appear in src.
		sys.stderr.write("warning: unknown offset in %s, assuming %d lines\n"
		% (name, default))
		return default
		else:
		return src.count('\n', 0, end)


		def importpath(path):
		"""Import a path like foo/bar/baz.py and return the baz module."""
		if path.endswith('.py'):
		path = path[:-3]
		if path.endswith('/__init__'):
		path = path[:-9]
		path = path.replace('/', '.')
		mod = __import__(path)
		for comp in path.split('.')[1:]:
		mod = getattr(mod, comp)
		return mod


		def docstrings(path):
		"""Extract docstrings from path.

		This respects the Mercurial cmdtable/table convention and will
		only extract docstrings from functions mentioned in these tables.
		"""
		mod = importpath(path)
		if mod.__doc__:
		src = open(path).read()
		lineno = 1 + offset(src, mod.__doc__, path, 7)
Pulkit Goyal py3: make i18n/hggettext use print_function	r29171	print(poentry(path, lineno, mod.__doc__))
Martin Geisler i18n: accurately generate hg.pot	r8542
Patrick Mezard hggettext: handle i18nfunctions declaration for docstrings translations	r12823	functions = list(getattr(mod, 'i18nfunctions', []))
		functions = [(f, True) for f in functions]

Martin Geisler i18n: accurately generate hg.pot	r8542	cmdtable = getattr(mod, 'cmdtable', {})
		if not cmdtable:
		# Maybe we are processing mercurial.commands?
		cmdtable = getattr(mod, 'table', {})
Patrick Mezard hggettext: handle i18nfunctions declaration for docstrings translations	r12823	functions.extend((c[0], False) for c in cmdtable.itervalues())
Martin Geisler i18n: accurately generate hg.pot	r8542
Patrick Mezard hggettext: handle i18nfunctions declaration for docstrings translations	r12823	for func, rstrip in functions:
Martin Geisler i18n: accurately generate hg.pot	r8542	if func.__doc__:
		src = inspect.getsource(func)
		name = "%s.%s" % (path, func.__name__)
Yuya Nishihara i18n: use inspect.getsourcelines() to obtain lineno from func or class...	r29720	lineno = inspect.getsourcelines(func)[1]
Patrick Mezard hggettext: handle i18nfunctions declaration for docstrings translations	r12823	doc = func.__doc__
		if rstrip:
		doc = doc.rstrip()
		lineno += offset(src, doc, name, 1)
Pulkit Goyal py3: make i18n/hggettext use print_function	r29171	print(poentry(path, lineno, doc))
Martin Geisler i18n: accurately generate hg.pot	r8542

Martin Geisler help: move help topics from mercurial/help.py to help/*.txt...	r9539	def rawtext(path):
		src = open(path).read()
Pulkit Goyal py3: make i18n/hggettext use print_function	r29171	print(poentry(path, 1, src))
Martin Geisler help: move help topics from mercurial/help.py to help/*.txt...	r9539

Martin Geisler i18n: accurately generate hg.pot	r8542	if __name__ == "__main__":
Martin Geisler hggettext: ensure correct Mercurial is imported	r8626	# It is very important that we import the Mercurial modules from
		# the source tree where hggettext is executed. Otherwise we might
		# accidentally import and extract strings from a Mercurial
		# installation mentioned in PYTHONPATH.
		sys.path.insert(0, os.getcwd())
		from mercurial import demandimport; demandimport.enable()
Martin Geisler i18n: accurately generate hg.pot	r8542	for path in sys.argv[1:]:
Martin Geisler help: move help topics from mercurial/help.py to help/*.txt...	r9539	if path.endswith('.txt'):
		rawtext(path)
		else:
		docstrings(path)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages