upstream/mercurial-mirror Files · mercurial/templates/monoblue/bookmarks.tmpl

dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...

dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

av6 - - Load All Authors

File last commit:

r27550:1a2a3b04 default


                r32050:77eaf953

4.1.3 stable

Download file

             bookmarks.tmpl
        
                    38 lines
            
             | 1.7 KiB
            
                | application/x-cheetah
            
             |
                CheetahLexer
            
             / mercurial / templates / monoblue / bookmarks.tmpl
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Yuya Nishihara
    
hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)

              r13860
            
      {header}

          <title>{repo|escape}: Bookmarks</title>

        av6
    
monoblue: correct feed links on /branches, /tags and /bookmarks

              r27550
            
          <link rel="alternate" type="application/atom+xml" href="{url|urlescape}atom-bookmarks" title="Atom feed for {repo|escape}: bookmarks"/>

          <link rel="alternate" type="application/rss+xml" href="{url|urlescape}rss-bookmarks" title="RSS feed for {repo|escape}: bookmarks"/>

        Yuya Nishihara
    
hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)

              r13860
            
      </head>

      <body>

      <div id="container">

          <div class="page-header">

        Angel Ezquerra <angel.ezquerra at gmail.com>
    
hgweb: add a "URL breadcrumb" to the index and repository pages...

              r18258
            
              <h1 class="breadcrumb"><a href="/">Mercurial</a> {pathdef%breadcrumb} / bookmarks</h1>

        Yuya Nishihara
    
hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)

              r13860
            
        Thomas Arendsen Hein
    
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...

              r18526
            
              <form action="{url|urlescape}log">

        Yuya Nishihara
    
hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)

              r13860
            
                  {sessionvars%hiddenformentry}

                  <dl class="search">

                      <dt><label>Search: </label></dt>

                      <dd><input type="text" name="rev" /></dd>

                  </dl>

              </form>

              <ul class="page-nav">

        Thomas Arendsen Hein
    
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...

              r18526
            
                  <li><a href="{url|urlescape}summary{sessionvars%urlparameter}">summary</a></li>

                  <li><a href="{url|urlescape}shortlog{sessionvars%urlparameter}">shortlog</a></li>

                  <li><a href="{url|urlescape}changelog{sessionvars%urlparameter}">changelog</a></li>

        av6
    
hgweb: don't point graph links at tip hash where it doesn't make sense...

              r25525
            
                  <li><a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a></li>

        Thomas Arendsen Hein
    
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...

              r18526
            
                  <li><a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a></li>

        Yuya Nishihara
    
hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)

              r13860
            
                  <li class="current">bookmarks</li>

        Thomas Arendsen Hein
    
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...

              r18526
            
                  <li><a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a></li>

        av6
    
hgweb: don't point file links at tip hash where it doesn't make sense...

              r25526
            
                  <li><a href="{url|urlescape}file{sessionvars%urlparameter}">files</a></li>

        Anton Shestakov
    
hgweb: don't mix tabs and spaces in monoblue templates

              r24129
            
                  <li><a href="{url|urlescape}help{sessionvars%urlparameter}">help</a></li>

        Yuya Nishihara
    
hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)

              r13860
            
              </ul>

          </div>

          <h2 class="no-link no-border">bookmarks</h2>

          <table cellspacing="0">

      {entries%bookmarkentry}

          </table>

      {footer}

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Yuya Nishihara hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)	r13860	{header}
		<title>{repo\|escape}: Bookmarks</title>
av6 monoblue: correct feed links on /branches, /tags and /bookmarks	r27550	<link rel="alternate" type="application/atom+xml" href="{url\|urlescape}atom-bookmarks" title="Atom feed for {repo\|escape}: bookmarks"/>
		<link rel="alternate" type="application/rss+xml" href="{url\|urlescape}rss-bookmarks" title="RSS feed for {repo\|escape}: bookmarks"/>
Yuya Nishihara hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)	r13860	</head>

		<body>
		<div id="container">
		<div class="page-header">
Angel Ezquerra <angel.ezquerra at gmail.com> hgweb: add a "URL breadcrumb" to the index and repository pages...	r18258	<h1 class="breadcrumb"><a href="/">Mercurial</a> {pathdef%breadcrumb} / bookmarks</h1>
Yuya Nishihara hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)	r13860
Thomas Arendsen Hein hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...	r18526	<form action="{url\|urlescape}log">
Yuya Nishihara hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)	r13860	{sessionvars%hiddenformentry}
		<dl class="search">
		<dt><label>Search: </label></dt>
		<dd><input type="text" name="rev" /></dd>
		</dl>
		</form>

		<ul class="page-nav">
Thomas Arendsen Hein hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...	r18526	<li><a href="{url\|urlescape}summary{sessionvars%urlparameter}">summary</a></li>
		<li><a href="{url\|urlescape}shortlog{sessionvars%urlparameter}">shortlog</a></li>
		<li><a href="{url\|urlescape}changelog{sessionvars%urlparameter}">changelog</a></li>
av6 hgweb: don't point graph links at tip hash where it doesn't make sense...	r25525	<li><a href="{url\|urlescape}graph{sessionvars%urlparameter}">graph</a></li>
Thomas Arendsen Hein hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...	r18526	<li><a href="{url\|urlescape}tags{sessionvars%urlparameter}">tags</a></li>
Yuya Nishihara hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)	r13860	<li class="current">bookmarks</li>
Thomas Arendsen Hein hgweb: urlescape all urls, HTML escape repo/tag/branch/... names...	r18526	<li><a href="{url\|urlescape}branches{sessionvars%urlparameter}">branches</a></li>
av6 hgweb: don't point file links at tip hash where it doesn't make sense...	r25526	<li><a href="{url\|urlescape}file{sessionvars%urlparameter}">files</a></li>
Anton Shestakov hgweb: don't mix tabs and spaces in monoblue templates	r24129	<li><a href="{url\|urlescape}help{sessionvars%urlparameter}">help</a></li>
Yuya Nishihara hgweb: add separate bookmarks listing to monoblue theme (based on 38c9837b1f75)	r13860	</ul>
		</div>

		<h2 class="no-link no-border">bookmarks</h2>
		<table cellspacing="0">
		{entries%bookmarkentry}
		</table>

		{footer}