##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r26618:8e6d5b73 default
r32050:77eaf953 4.1.3 stable
Show More
test-merge9.t
94 lines | 1.7 KiB | text/troff | Tads3Lexer
Pradeepkumar Gayam
tests: unify test-merge9
r11982 test that we don't interrupt the merge session if
a file-level merge failed
$ hg init repo
$ cd repo
$ echo foo > foo
$ echo a > bar
$ hg ci -Am 'add foo'
adding bar
adding foo
$ hg mv foo baz
$ echo b >> bar
$ echo quux > quux1
$ hg ci -Am 'mv foo baz'
adding quux1
$ hg up -qC 0
$ echo >> foo
$ echo c >> bar
$ echo quux > quux2
$ hg ci -Am 'change foo'
adding quux2
created new head
test with the rename on the remote side
$ HGMERGE=false hg merge
merging bar
Siddharth Agarwal
merge.mergestate: perform all premerges before any merges (BC)...
r26618 merging foo and baz to baz
Pradeepkumar Gayam
tests: unify test-merge9
r11982 merging bar failed!
1 files updated, 1 files merged, 0 files removed, 1 files unresolved
Brodie Rao
merge: suggest 'hg up -C .' for discarding changes, not 'hg up -C'...
r12314 use 'hg resolve' to retry unresolved file merges or 'hg update -C .' to abandon
Matt Mackall
tests: add exit codes to unified tests
r12316 [1]
Pradeepkumar Gayam
tests: unify test-merge9
r11982 $ hg resolve -l
U bar
R baz
test with the rename on the local side
$ hg up -C 1
3 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ HGMERGE=false hg merge
merging bar
Siddharth Agarwal
merge.mergestate: perform all premerges before any merges (BC)...
r26618 merging baz and foo to baz
Pradeepkumar Gayam
tests: unify test-merge9
r11982 merging bar failed!
1 files updated, 1 files merged, 0 files removed, 1 files unresolved
Brodie Rao
merge: suggest 'hg up -C .' for discarding changes, not 'hg up -C'...
r12314 use 'hg resolve' to retry unresolved file merges or 'hg update -C .' to abandon
Matt Mackall
tests: add exit codes to unified tests
r12316 [1]
Pradeepkumar Gayam
tests: unify test-merge9
r11982
show unresolved
$ hg resolve -l
U bar
R baz
unmark baz
$ hg resolve -u baz
show
$ hg resolve -l
U bar
U baz
$ hg st
M bar
M baz
M quux2
? bar.orig
re-resolve baz
$ hg resolve baz
merging baz and foo to baz
after resolve
$ hg resolve -l
U bar
R baz
resolve all warning
$ hg resolve
Nathan Goldbaum
resolve: report no argument warning using a hint...
r21940 abort: no files or directories specified
timeless@mozdev.org
resolve: consistently describe re-merge + unresolved
r26352 (use --all to re-merge all unresolved files)
Matt Mackall
tests: add exit codes to unified tests
r12316 [255]
Pradeepkumar Gayam
tests: unify test-merge9
r11982
resolve all
$ hg resolve -a
merging bar
Siddharth Agarwal
simplemerge: move conflict warning message to filemerge...
r26614 warning: conflicts while merging bar! (edit, then use 'hg resolve --mark')
Matt Mackall
tests: add exit codes to unified tests
r12316 [1]
Pradeepkumar Gayam
tests: unify test-merge9
r11982
after
$ hg resolve -l
U bar
R baz
Mads Kiilerich
tests: add missing trailing 'cd ..'...
r16913
$ cd ..