##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

server: ensure the incoming request falls under the prefix value...
Matt Harbison -
r37508:7de7bd40 4.5.3 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -118,6 +118,14 b' class _httprequesthandler(httpservermod.'
118 self.sent_headers = False
118 self.sent_headers = False
119 path, query = _splitURI(self.path)
119 path, query = _splitURI(self.path)
120
120
121 # Ensure the slicing of path below is valid
122 if (path != self.server.prefix
123 and not path.startswith(self.server.prefix + b'/')):
124 self._start_response(common.statusmessage(404), [])
125 self._write("Not Found")
126 self._done()
127 return
128
121 env = {}
129 env = {}
122 env[r'GATEWAY_INTERFACE'] = r'CGI/1.1'
130 env[r'GATEWAY_INTERFACE'] = r'CGI/1.1'
123 env[r'REQUEST_METHOD'] = self.command
131 env[r'REQUEST_METHOD'] = self.command
Show file before | Show file after | Hide comments
@@ -78,4 +78,24 b' With --prefix /foo/'
78 listening at http://localhost/foo/ (bound to *$LOCALIP*:HGPORT1) (glob) (?)
78 listening at http://localhost/foo/ (bound to *$LOCALIP*:HGPORT1) (glob) (?)
79 % errors
79 % errors
80
80
81 $ $PYTHON $RUNTESTDIR/killdaemons.py $DAEMON_PIDS
82
83 With out of bounds accesses
84
85 $ rm access.log
86 $ hg serve -a localhost -p $HGPORT -d --prefix some/dir \
87 > --pid-file=hg.pid -E errors.log
88 $ cat hg.pid >> "$DAEMON_PIDS"
89
90 $ hg id http://localhost:$HGPORT/some/dir7
91 abort: HTTP Error 404: Not Found
92 [255]
93 $ hg id http://localhost:$HGPORT/some
94 abort: HTTP Error 404: Not Found
95 [255]
96
97 $ cat access.log errors.log
98 $LOCALIP - - [$LOGDATE$] "GET /some/dir7?cmd=capabilities HTTP/1.1" 404 - (glob)
99 $LOCALIP - - [$LOGDATE$] "GET /some?cmd=capabilities HTTP/1.1" 404 - (glob)
100
81 $ cd ..
101 $ cd ..
General Comments 0
You need to be logged in to leave comments. Login now