upstream/mercurial-mirror Files · hg · RhodeCode Free Hosting

server: ensure the incoming request falls under the prefix value...

server: ensure the incoming request falls under the prefix value Prior to this, the first test asserted in wsgiref.validate.check_environ() saying PATH didn't start with '/', but the second test served up the repo. The assertion was just added in this cycle (though the value of PATH is still wrong without the assertion). Allowing access to the repo at any URL outside of the prefix is a long standing bug. This also affected hgwebdir, at least when used via --subrepo. Paths are not being canonicalized, so accesses to things like 'foo/../bar' will get tossed out here, unless the prefix also matches.

Yuya Nishihara - - Load All Authors

File last commit:

r34534:163fa0ae default


                r37288:7de7bd40

4.5.3 stable

Download file

             hg
        
                    41 lines
            
             | 1.2 KiB
            
                | text/plain
            
             |
                TextLexer

/ hg

History | Source | Raw |Copy content |Copy permalink

mpm@selenic.com Add back links from file revisions to changeset revisions...	r0	#!/usr/bin/env python
		#
Matt Mackall Update copyright notice	r1698	# mercurial - scalable distributed SCM
mpm@selenic.com Add back links from file revisions to changeset revisions...	r0	#
Thomas Arendsen Hein Updated copyright notices and add "and others" to "hg version"	r4635	# Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
mpm@selenic.com Add back links from file revisions to changeset revisions...	r0	#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
Matt Mackall Update license to GPLv2+	r10263	# GNU General Public License version 2 or any later version.
Augie Fackler hg: update top-level script to use modern import conventions	r33897	from __future__ import absolute_import
mpm@selenic.com Add back links from file revisions to changeset revisions...	r0
Dan Villiom Podlaski Christiansen setup/hg: always load Mercurial from where it was installed....	r12661	import os
		import sys

Augie Fackler hg: add support for HGUNICODEPEDANTRY environment variable...	r21812	if os.environ.get('HGUNICODEPEDANTRY', False):
timeless hg: limit HGUNICODEPEDANTRY to py2...	r29172	try:
		reload(sys)
		sys.setdefaultencoding("undefined")
		except NameError:
		pass
Augie Fackler hg: add support for HGUNICODEPEDANTRY environment variable...	r21812
Dan Villiom Podlaski Christiansen setup/hg: always load Mercurial from where it was installed....	r12661	libdir = '@LIBDIR@'

		if libdir != '@' 'LIBDIR' '@':
		if not os.path.isabs(libdir):
L. David Baron setup/hg: handle hg being a symlink when appending relative libdir to sys.path...	r12805	libdir = os.path.join(os.path.dirname(os.path.realpath(__file__)),
		libdir)
Dan Villiom Podlaski Christiansen setup/hg: always load Mercurial from where it was installed....	r12661	libdir = os.path.abspath(libdir)
		sys.path.insert(0, libdir)

Thomas Arendsen Hein Enable demandimport only in scripts, not in importable modules (issue605)...	r5197	# enable importing on demand to reduce startup time
Matt Mackall Give a useful message about PYTHONPATH if startup fails	r7672	try:
Siddharth Agarwal init: turn on demandimport for Python 3.6 and above...	r32424	if sys.version_info[0] < 3 or sys.version_info >= (3, 6):
		import hgdemandimport; hgdemandimport.enable()
Matt Mackall Give a useful message about PYTHONPATH if startup fails	r7672	except ImportError:
		sys.stderr.write("abort: couldn't find mercurial libraries in [%s]\n" %
		' '.join(sys.path))
		sys.stderr.write("(check your install and PYTHONPATH)\n")
		sys.exit(-1)
Thomas Arendsen Hein Enable demandimport only in scripts, not in importable modules (issue605)...	r5197
Yuya Nishihara dispatch: move initialization of sys.std* files...	r34534	from mercurial import dispatch
Augie Fackler hg: update top-level script to use modern import conventions	r33897	dispatch.run()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages