##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

[hgweb] Static content serving
Josef "Jeff" Sipek -
r1777:a2316878 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -7,6 +7,7 b''
7 # of the GNU General Public License, incorporated herein by reference.
7 # of the GNU General Public License, incorporated herein by reference.
8
8
9 import os, cgi, sys, urllib
9 import os, cgi, sys, urllib
10 import mimetypes
10 from demandload import demandload
11 from demandload import demandload
11 demandload(globals(), "mdiff time re socket zlib errno ui hg ConfigParser")
12 demandload(globals(), "mdiff time re socket zlib errno ui hg ConfigParser")
12 demandload(globals(), "zipfile tempfile StringIO tarfile BaseHTTPServer util")
13 demandload(globals(), "zipfile tempfile StringIO tarfile BaseHTTPServer util")
@@ -843,6 +844,7 b' class hgweb(object):'
843 'ca': [('cmd', ['archive']), ('node', None)],
844 'ca': [('cmd', ['archive']), ('node', None)],
844 'tags': [('cmd', ['tags'])],
845 'tags': [('cmd', ['tags'])],
845 'tip': [('cmd', ['changeset']), ('node', ['tip'])],
846 'tip': [('cmd', ['changeset']), ('node', ['tip'])],
847 'static': [('cmd', ['static']), ('file', None)]
846 }
848 }
847
849
848 for k in shortcuts.iterkeys():
850 for k in shortcuts.iterkeys():
@@ -858,6 +860,7 b' class hgweb(object):'
858 expand_form(req.form)
860 expand_form(req.form)
859
861
860 t = self.repo.ui.config("web", "templates", templatepath())
862 t = self.repo.ui.config("web", "templates", templatepath())
863 static = self.repo.ui.config("web", "static", os.path.join(t,"static"))
861 m = os.path.join(t, "map")
864 m = os.path.join(t, "map")
862 style = self.repo.ui.config("web", "style", "")
865 style = self.repo.ui.config("web", "style", "")
863 if req.form.has_key('style'):
866 if req.form.has_key('style'):
@@ -981,6 +984,38 b' class hgweb(object):'
981
984
982 req.write(self.t("error"))
985 req.write(self.t("error"))
983
986
987 elif req.form['cmd'][0] == 'static':
988 fname = req.form['file'][0]
989
990 fname = os.path.realpath(os.path.join(static, fname))
991
992 try:
993 # the static dir should be a substring in the real
994 # file path, if it is not, we have something strange
995 # going on => security breach attempt?
996 #
997 # This will either:
998 # 1) find the `static' path at index 0 = success
999 # 2) find the `static' path at other index = error
1000 # 3) not find the `static' path = ValueError generated
1001 if fname.index(static) != 0:
1002 # generate ValueError manually
1003 raise ValueError()
1004
1005 os.stat(fname)
1006
1007 ct = mimetypes.guess_type(fname)[0]
1008 if ct == None:
1009 ct = "text/plain"
1010
1011 req.write("Content-type: " + ct + "\n\n" + file(fname).read())
1012 except ValueError:
1013 # security breach attempt
1014 req.write(self.t("error"))
1015 except OSError, e:
1016 if e.errno == errno.ENOENT:
1017 req.write(self.t("error"))
1018
984 else:
1019 else:
985 req.write(self.t("error"))
1020 req.write(self.t("error"))
986
1021
Show file before | Show file after | Hide comments
@@ -89,7 +89,9 b' try:'
89 data_files=[('mercurial/templates',
89 data_files=[('mercurial/templates',
90 ['templates/map'] +
90 ['templates/map'] +
91 glob.glob('templates/map-*') +
91 glob.glob('templates/map-*') +
92 glob.glob('templates/*.tmpl'))],
92 glob.glob('templates/*.tmpl')),
93 ('mercurial/templates/static',
94 glob.glob('templates/static/*'))],
93 cmdclass=cmdclass,
95 cmdclass=cmdclass,
94 scripts=['hg', 'hgmerge'],
96 scripts=['hg', 'hgmerge'],
95 options=dict(bdist_mpkg=dict(zipdist=True,
97 options=dict(bdist_mpkg=dict(zipdist=True,
General Comments 0
You need to be logged in to leave comments. Login now