##// END OF EJS Templates
convert: test for shell injection in git calls (SEC)...
convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.

File last commit:

r15475:85cba926 stable
r28663:ae279d4a 3.7.3 stable
Show More
hgweb.fcgi
19 lines | 664 B | text/plain | TextLexer
Matt Mackall
hgweb: synchronize fcgi and wsgi scripts
r11002 #!/usr/bin/env python
#
# An example FastCGI script for use with flup, edit as necessary
# Path to repo or hgweb config to serve (see 'hg help hgweb')
config = "/path/to/repo/or/config"
Matt Mackall
hgweb: add hint about finding library path with debuginstall
r15475 # Uncomment and adjust if Mercurial is not installed system-wide
# (consult "installed modules" path from 'hg debuginstall'):
Matt Mackall
hgweb: synchronize fcgi and wsgi scripts
r11002 #import sys; sys.path.insert(0, "/path/to/python/lib")
# Uncomment to send python tracebacks to the browser if an error occurs:
#import cgitb; cgitb.enable()
from mercurial import demandimport; demandimport.enable()
from mercurial.hgweb import hgweb
from flup.server.fcgi import WSGIServer
application = hgweb(config)
WSGIServer(application).run()