dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
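
The defence the commit message asks hosting operators to apply, sketched for an SSH forced-command wrapper. This is an added example, not code from Mercurial or hg-ssh; `validate_serve_command`, `Rejected`, `root` and `allowed` are hypothetical names. It is stricter than the message requires: it refuses every repository name that begins with `-`, not only `--debugger` and `--config`.

```python
import os
import shlex


class Rejected(Exception):
    """Raised when the requested command must not be run."""


def validate_serve_command(orig_cmd, root, allowed):
    """Return the repo path for 'hg -R <repo> serve --stdio', else raise.

    root and allowed are hypothetical deployment settings: the directory
    holding the repositories and the repository names that are served.
    """
    try:
        argv = shlex.split(orig_cmd)
    except ValueError:
        raise Rejected("unparseable command")
    # Exact shape only: no extra words before, between or after.
    if (len(argv) != 5 or argv[:2] != ["hg", "-R"]
            or argv[3:] != ["serve", "--stdio"]):
        raise Rejected("only 'hg -R <repo> serve --stdio' is allowed")
    repo = argv[2]
    # A name that parses as an option must never reach the hg command line.
    if repo.startswith("-"):
        raise Rejected("repository name looks like an option")
    # Compare the normalised path with an allowlist so that traversal or
    # an absolute path cannot select a repository that is not served.
    path = os.path.normpath(os.path.join(root, repo))
    served = {os.path.normpath(os.path.join(root, r)) for r in allowed}
    if path not in served:
        raise Rejected("repository not served")
    return path


def check(cmd, root="/srv/hg", allowed=("project-a", "team/project-b")):
    """Return 'ok' or the rejection reason for one request string."""
    try:
        validate_serve_command(cmd, root, allowed)
        return "ok"
    except Rejected as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample requests, not taken from the page.
    for sample in ("hg -R project-a serve --stdio",
                   "hg -R --debugger serve --stdio",
                   "hg -R --config=section.key=value serve --stdio",
                   "hg -R ../outside serve --stdio"):
        print(sample, "->", check(sample))
```

Configuration that a wrapper used to pass with `--config` is not handled here; per the commit message it belongs in `ui.setconfig()` or an hgrc file that Mercurial reads.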

File last commit:

r31065:7074589c stable
r32050:77eaf953 4.1.3 stable
test-record.t
91 lines | 2.6 KiB | text/troff | Tads3Lexer
Matt Mackall
tests: fix a bunch of pointless #s in unified tests
r12328 Set up a repo
Dan Villiom Podlaski Christiansen
tests: unify test-record
r12074
Yuya Nishihara
tests: write hgrc of more than two lines by using shell heredoc...
r23172 $ cat <<EOF >> $HGRCPATH
> [ui]
> interactive = true
> [extensions]
> record =
> EOF
Dan Villiom Podlaski Christiansen
tests: unify test-record
r12074
$ hg init a
$ cd a
Laurent Charignon
record: remove duplicated tests...
r24308 Record help
$ hg record -h
hg record [OPTION]... [FILE]...
interactively select changes to commit
timeless
minirst: change hgrole to use single quotes...
r27729 If a list of files is omitted, all changes reported by 'hg status' will be
Laurent Charignon
record: remove duplicated tests...
r24308 candidates for recording.
timeless
minirst: change hgrole to use single quotes...
r27729 See 'hg help dates' for a list of formats valid for -d/--date.
Laurent Charignon
record: remove duplicated tests...
r24308
eloimorlaas
record: update help to describe ui.interface...
r31065 If using the text interface (see 'hg help config'), you will be prompted
for whether to record changes to each modified file, and for files with
multiple changes, for each change to use. For each query, the following
responses are possible:
Laurent Charignon
record: remove duplicated tests...
r24308
y - record this change
n - skip this change
e - edit this change manually
s - skip remaining changes to this file
f - record remaining changes to this file
d - done, skip remaining changes and files
a - record all changes to all remaining files
q - quit, recording no changes
? - display help
This command is not available when committing a merge.
timeless
help: use single quotes in use warning
r29974 (use 'hg help -e record' to show help for the record extension)
Pierre-Yves David
record: deprecate the extension...
r28697
Laurent Charignon
record: remove duplicated tests...
r24308 options ([+] can be repeated):
Pierre-Yves David
help: backout f3c4edfd35e1 (mark boolean flags with [no-] in help) for now...
r30152 -A --addremove mark new/missing files as added/removed before
committing
--close-branch mark a branch head as closed
--amend amend the parent of the working directory
-s --secret use the secret phase for committing
-e --edit invoke editor on commit messages
-I --include PATTERN [+] include names matching the given patterns
-X --exclude PATTERN [+] exclude names matching the given patterns
-m --message TEXT use text as commit message
-l --logfile FILE read commit message from file
-d --date DATE record the specified date as commit date
-u --user USER record the specified user as committer
-S --subrepos recurse into subrepositories
-w --ignore-all-space ignore white space when comparing lines
-b --ignore-space-change ignore changes in the amount of white space
-B --ignore-blank-lines ignore changes whose lines are all blank
Laurent Charignon
record: remove duplicated tests...
r24308
(some details hidden, use --verbose to show complete help)
Dan Villiom Podlaski Christiansen
tests: unify test-record
r12074 Select no files
$ touch empty-rw
$ hg add empty-rw
$ hg record empty-rw<<EOF
> n
> EOF
diff --git a/empty-rw b/empty-rw
new file mode 100644
Mads Kiilerich
ui: show prompt choice if input is not a tty but is forced to be interactive...
r22589 examine changes to 'empty-rw'? [Ynesfdaq?] n
Dan Villiom Podlaski Christiansen
tests: unify test-record
r12074 no changes to record
Philippe Pepiot
record: return code from underlying commit
r30158 [1]
Dan Villiom Podlaski Christiansen
tests: unify test-record
r12074
$ hg tip -p
changeset: -1:000000000000
tag: tip
user:
date: Thu Jan 01 00:00:00 1970 +0000