diff --git a/mercurial/hgweb/hgweb_mod.py b/mercurial/hgweb/hgweb_mod.py --- a/mercurial/hgweb/hgweb_mod.py +++ b/mercurial/hgweb/hgweb_mod.py @@ -77,24 +77,41 @@ class hgweb(object): self.reponame = name self.archives = 'zip', 'gz', 'bz2' self.stripecount = 1 - self.templatepath = self.repo.ui.config("web", "templates", - templater.templatepath()) + # a repo owner may set web.templates in .hg/hgrc to get any file + # readable by the user running the CGI script + self.templatepath = self.config("web", "templates", + templater.templatepath(), + untrusted=False) + + # The CGI scripts are often run by a user different from the repo owner. + # Trust the settings from the .hg/hgrc files by default. + def config(self, section, name, default=None, untrusted=True): + return self.repo.ui.config(section, name, default, + untrusted=untrusted) + + def configbool(self, section, name, default=False, untrusted=True): + return self.repo.ui.configbool(section, name, default, + untrusted=untrusted) + + def configlist(self, section, name, default=None, untrusted=True): + return self.repo.ui.configlist(section, name, default, + untrusted=untrusted) def refresh(self): mtime = get_mtime(self.repo.root) if mtime != self.mtime: self.mtime = mtime self.repo = hg.repository(self.repo.ui, self.repo.root) - self.maxchanges = int(self.repo.ui.config("web", "maxchanges", 10)) - self.stripecount = int(self.repo.ui.config("web", "stripes", 1)) - self.maxshortchanges = int(self.repo.ui.config("web", "maxshortchanges", 60)) - self.maxfiles = int(self.repo.ui.config("web", "maxfiles", 10)) - self.allowpull = self.repo.ui.configbool("web", "allowpull", True) + self.maxchanges = int(self.config("web", "maxchanges", 10)) + self.stripecount = int(self.config("web", "stripes", 1)) + self.maxshortchanges = int(self.config("web", "maxshortchanges", 60)) + self.maxfiles = int(self.config("web", "maxfiles", 10)) + self.allowpull = self.configbool("web", "allowpull", True) def archivelist(self, nodeid): - allowed = self.repo.ui.configlist("web", "allow_archive") + allowed = self.configlist("web", "allow_archive") for i, spec in self.archive_specs.iteritems(): - if i in allowed or self.repo.ui.configbool("web", "allow" + i): + if i in allowed or self.configbool("web", "allow" + i): yield {"type" : i, "extension" : spec[2], "node" : nodeid} def listfilediffs(self, files, changeset): @@ -169,7 +186,7 @@ class hgweb(object): modified, added, removed = map(lambda x: filterfiles(files, x), (modified, added, removed)) - diffopts = patch.diffopts(self.repo.ui) + diffopts = patch.diffopts(self.repo.ui, untrusted=True) for f in modified: to = r.file(f).read(mmap1[f]) tn = r.file(f).read(mmap2[f]) @@ -571,10 +588,10 @@ class hgweb(object): end = min(count, start + self.maxchanges) yield self.t("summary", - desc = self.repo.ui.config("web", "description", "unknown"), - owner = (self.repo.ui.config("ui", "username") or # preferred - self.repo.ui.config("web", "contact") or # deprecated - self.repo.ui.config("web", "author", "unknown")), # also + desc = self.config("web", "description", "unknown"), + owner = (self.config("ui", "username") or # preferred + self.config("web", "contact") or # deprecated + self.config("web", "author", "unknown")), # also lastchange = cl.read(cl.tip())[2], tags = tagentries, heads = heads, @@ -650,7 +667,7 @@ class hgweb(object): yield self.t("footer", **map) def motd(**map): - yield self.repo.ui.config("web", "motd", "") + yield self.config("web", "motd", "") def expand_form(form): shortcuts = { @@ -748,7 +765,7 @@ class hgweb(object): fields = [] if req.form.has_key('style'): style = req.form['style'][0] - if style != self.repo.ui.config('web', 'style', ''): + if style != self.config('web', 'style', ''): fields.append(('style', style)) separator = req.url[-1] == '?' and ';' or '?' @@ -761,7 +778,7 @@ class hgweb(object): expand_form(req.form) rewrite_request(req) - style = self.repo.ui.config("web", "style", "") + style = self.config("web", "style", "") if req.form.has_key('style'): style = req.form['style'][0] mapfile = style_map(self.templatepath, style) @@ -771,7 +788,7 @@ class hgweb(object): urlbase = 'http://%s%s' % (req.env['SERVER_NAME'], port) if not self.reponame: - self.reponame = (self.repo.ui.config("web", "name") + self.reponame = (self.config("web", "name") or req.env.get('REPO_NAME') or req.url.strip('/') or self.repo.root) @@ -985,9 +1002,9 @@ class hgweb(object): def do_archive(self, req): changeset = self.repo.lookup(req.form['node'][0]) type_ = req.form['type'][0] - allowed = self.repo.ui.configlist("web", "allow_archive") + allowed = self.configlist("web", "allow_archive") if (type_ in self.archives and (type_ in allowed or - self.repo.ui.configbool("web", "allow" + type_, False))): + self.configbool("web", "allow" + type_, False))): self.archive(req, changeset, type_) return @@ -995,15 +1012,17 @@ class hgweb(object): def do_static(self, req): fname = req.form['file'][0] - static = self.repo.ui.config("web", "static", - os.path.join(self.templatepath, - "static")) + # a repo owner may set web.static in .hg/hgrc to get any file + # readable by the user running the CGI script + static = self.config("web", "static", + os.path.join(self.templatepath, "static"), + untrusted=False) req.write(staticfile(static, fname, req) or self.t("error", error="%r not found" % fname)) def do_capabilities(self, req): caps = ['unbundle', 'lookup', 'changegroupsubset'] - if self.repo.ui.configbool('server', 'uncompressed'): + if self.configbool('server', 'uncompressed'): caps.append('stream=%d' % self.repo.revlogversion) resp = ' '.join(caps) req.httphdr("application/mercurial-0.1", length=len(resp)) @@ -1016,11 +1035,11 @@ class hgweb(object): user = req.env.get('REMOTE_USER') - deny = self.repo.ui.configlist('web', 'deny_' + op) + deny = self.configlist('web', 'deny_' + op) if deny and (not user or deny == ['*'] or user in deny): return False - allow = self.repo.ui.configlist('web', 'allow_' + op) + allow = self.configlist('web', 'allow_' + op) return (allow and (allow == ['*'] or user in allow)) or default def do_unbundle(self, req): @@ -1036,7 +1055,7 @@ class hgweb(object): # require ssl by default, auth info cannot be sniffed and # replayed - ssl_req = self.repo.ui.configbool('web', 'push_ssl', True) + ssl_req = self.configbool('web', 'push_ssl', True) if ssl_req: if not req.env.get('HTTPS'): bail(_('ssl required\n'))