##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

hgweb: Respond with HTTP 403 for disabled archive types instead of 404...
Rocco Rutte -
r7029:b84d2738 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -11,6 +11,7 import errno, mimetypes, os
11 11 HTTP_OK = 200
12 12 HTTP_BAD_REQUEST = 400
13 13 HTTP_UNAUTHORIZED = 401
14 HTTP_FORBIDDEN = 403
14 15 HTTP_NOT_FOUND = 404
15 16 HTTP_METHOD_NOT_ALLOWED = 405
16 17 HTTP_SERVER_ERROR = 500
Show file before | Show file after | Hide comments
@@ -12,7 +12,7 from mercurial.node import short, hex, n
12 12 from mercurial.util import binary, datestr
13 13 from mercurial.repo import RepoError
14 14 from common import paritygen, staticfile, get_contact, ErrorResponse
15 from common import HTTP_OK, HTTP_NOT_FOUND
15 from common import HTTP_OK, HTTP_FORBIDDEN, HTTP_NOT_FOUND
16 16 from mercurial import graphmod, util
17 17
18 18 # __all__ is populated with the allowed commands. Be sure to add to it if
@@ -535,11 +535,15 def archive(web, req, tmpl):
535 535 allowed = web.configlist("web", "allow_archive")
536 536 key = req.form['node'][0]
537 537
538 if not (type_ in web.archives and (type_ in allowed or
539 web.configbool("web", "allow" + type_, False))):
538 if type_ not in web.archives:
540 539 msg = 'Unsupported archive type: %s' % type_
541 540 raise ErrorResponse(HTTP_NOT_FOUND, msg)
542 541
542 if not ((type_ in allowed or
543 web.configbool("web", "allow" + type_, False))):
544 msg = 'Archive type not allowed: %s' % type_
545 raise ErrorResponse(HTTP_FORBIDDEN, msg)
546
543 547 reponame = re.sub(r"\W+", "-", os.path.basename(web.reponame))
544 548 cnode = web.repo.lookup(key)
545 549 arch_version = key
Show file before | Show file after | Hide comments
@@ -12,9 +12,35 echo bletch>baz/bletch
12 12 hg commit -Am 3 -d '1000000000 0'
13 13 echo "[web]" >> .hg/hgrc
14 14 echo "name = test-archive" >> .hg/hgrc
15 echo "allow_archive = gz bz2, zip" >> .hg/hgrc
15 cp .hg/hgrc .hg/hgrc-base
16
17 # check http return codes
18 test_archtype() {
19 echo "allow_archive = $1" >> .hg/hgrc
16 20 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
17 21 cat hg.pid >> $DAEMON_PIDS
22 echo % $1 allowed should give 200
23 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$2" | head -n 1
24 echo % $3 and $4 disallowed should both give 403
25 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$3" | head -n 1
26 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.$4" | head -n 1
27 kill `cat hg.pid`
28 cat errors.log
29 cp .hg/hgrc-base .hg/hgrc
30 }
31
32 echo
33 test_archtype gz tar.gz tar.bz2 zip
34 test_archtype bz2 tar.bz2 zip tar.gz
35 test_archtype zip zip tar.gz tar.bz2
36
37 echo "allow_archive = gz bz2 zip" >> .hg/hgrc
38 hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
39 cat hg.pid >> $DAEMON_PIDS
40
41 echo % invalid arch type should give 404
42 "$TESTDIR/get-with-headers.py" localhost:$HGPORT "/archive/tip.invalid" | head -n 1
43 echo
18 44
19 45 TIP=`hg id -v | cut -f1 -d' '`
20 46 QTIP=`hg id -q`
Show file before | Show file after | Hide comments
@@ -1,6 +1,25
1 1 adding foo
2 2 adding bar
3 3 adding baz/bletch
4
5 % gz allowed should give 200
6 200 Script output follows
7 % tar.bz2 and zip disallowed should both give 403
8 403 Forbidden
9 403 Forbidden
10 % bz2 allowed should give 200
11 200 Script output follows
12 % zip and tar.gz disallowed should both give 403
13 403 Forbidden
14 403 Forbidden
15 % zip allowed should give 200
16 200 Script output follows
17 % tar.gz and tar.bz2 disallowed should both give 403
18 403 Forbidden
19 403 Forbidden
20 % invalid arch type should give 404
21 404 Not Found
22
4 23 test-archive-TIP/.hg_archival.txt
5 24 test-archive-TIP/bar
6 25 test-archive-TIP/baz/bletch
General Comments 0
You need to be logged in to leave comments. Login now