# HG changeset patch
# User Martin Geisler
# Date 2010-08-13 08:53:10
# Node ID d4bfa07f269f4a5e65e5602ec5d4898270bafcbb
# Parent b9d316bcc0131655ea83547547888e6876310d8f
url: limit expansion to safe auth keys (Issue2328) Mads Kiilerich pointed out that 7c9beccb0533 was too eager since the prefix and password keys may contain $-signs. So this only add the username to the list of keys that are expanded. This also updates the documentation to match.
diff --git a/doc/hgrc.5.txt b/doc/hgrc.5.txt
--- a/doc/hgrc.5.txt
+++ b/doc/hgrc.5.txt
@@ -232,16 +232,19 @@ Supported arguments:
 argument, q.v., is then subsequently consulted. ``username`` Optional. Username to authenticate with. If not given, and the
- remote site requires basic or digest authentication, the user
- will be prompted for it.
+ remote site requires basic or digest authentication, the user will
+ be prompted for it. Environment variables are expanded in the
+ username letting you do ``foo.username = $USER``.
 ``password`` Optional. Password to authenticate with. If not given, and the remote site requires basic or digest authentication, the user will be prompted for it. ``key``
- Optional. PEM encoded client certificate key file.
+ Optional. PEM encoded client certificate key file. Environment
+ variables are expanded in the filename.
 ``cert``
- Optional. PEM encoded client certificate chain file.
+ Optional. PEM encoded client certificate chain file. Environment
+ variables are expanded in the filename.
 ``schemes`` Optional. Space separated list of URI schemes to use this authentication entry with. Only used if the prefix doesn't include
diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -156,7 +156,8 @@ class passwordmgr(urllib2.HTTPPasswordMg
 continue
 group, setting = key.split('.', 1)
 gdict = config.setdefault(group, dict())
- val = util.expandpath(val)
+ if setting in ('username', 'cert', 'key'):
+ val = util.expandpath(val)
 gdict[setting] = val
 # Find the best match
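Review bot: The allowlist on the added `if setting in ('username', 'cert', 'key'):` line has no comment saying why `password` and `prefix` are left out, so a later cleanup could widen it again and alter secrets that contain `$`. I would add `# Expand only keys where a literal '$' is not expected; password and prefix may contain '$' and must be kept verbatim (Issue2328).` above the condition. Separately, `username` is passed through `util.expandpath`, whose definition is not visible here; if it also performs `~` expansion, a username starting with `~` would be rewritten even though the documentation hunk promises only environment-variable expansion, so that is worth confirming. The enclosing method of `passwordmgr` starts and ends outside this hunk.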