@@ -1014,7 +1014,7 b' def copy(ui, repo, *pats, **opts):' | |||||
1014 |
|
1014 | |||
1015 | def debugancestor(ui, index, rev1, rev2): |
|
1015 | def debugancestor(ui, index, rev1, rev2): | |
1016 | """find the ancestor revision of two revisions in a given index""" |
|
1016 | """find the ancestor revision of two revisions in a given index""" | |
1017 | r = revlog.revlog(util.opener(os.getcwd()), index, "") |
|
1017 | r = revlog.revlog(util.opener(os.getcwd(), audit=False), index, "") | |
1018 | a = r.ancestor(r.lookup(rev1), r.lookup(rev2)) |
|
1018 | a = r.ancestor(r.lookup(rev1), r.lookup(rev2)) | |
1019 | ui.write("%d:%s\n" % (r.rev(a), hex(a))) |
|
1019 | ui.write("%d:%s\n" % (r.rev(a), hex(a))) | |
1020 |
|
1020 | |||
@@ -1100,7 +1100,8 b' def debugstate(ui, repo):' | |||||
1100 |
|
1100 | |||
1101 | def debugdata(ui, file_, rev): |
|
1101 | def debugdata(ui, file_, rev): | |
1102 | """dump the contents of an data file revision""" |
|
1102 | """dump the contents of an data file revision""" | |
1103 |
r = revlog.revlog(util.opener(os.getcwd()), |
|
1103 | r = revlog.revlog(util.opener(os.getcwd(), audit=False), | |
|
1104 | file_[:-2] + ".i", file_) | |||
1104 | try: |
|
1105 | try: | |
1105 | ui.write(r.revision(r.lookup(rev))) |
|
1106 | ui.write(r.revision(r.lookup(rev))) | |
1106 | except KeyError: |
|
1107 | except KeyError: | |
@@ -1108,7 +1109,7 b' def debugdata(ui, file_, rev):' | |||||
1108 |
|
1109 | |||
1109 | def debugindex(ui, file_): |
|
1110 | def debugindex(ui, file_): | |
1110 | """dump the contents of an index file""" |
|
1111 | """dump the contents of an index file""" | |
1111 | r = revlog.revlog(util.opener(os.getcwd()), file_, "") |
|
1112 | r = revlog.revlog(util.opener(os.getcwd(), audit=False), file_, "") | |
1112 | ui.write(" rev offset length base linkrev" + |
|
1113 | ui.write(" rev offset length base linkrev" + | |
1113 | " nodeid p1 p2\n") |
|
1114 | " nodeid p1 p2\n") | |
1114 | for i in range(r.count()): |
|
1115 | for i in range(r.count()): | |
@@ -1119,7 +1120,7 b' def debugindex(ui, file_):' | |||||
1119 |
|
1120 | |||
1120 | def debugindexdot(ui, file_): |
|
1121 | def debugindexdot(ui, file_): | |
1121 | """dump an index DAG as a .dot file""" |
|
1122 | """dump an index DAG as a .dot file""" | |
1122 | r = revlog.revlog(util.opener(os.getcwd()), file_, "") |
|
1123 | r = revlog.revlog(util.opener(os.getcwd(), audit=False), file_, "") | |
1123 | ui.write("digraph G {\n") |
|
1124 | ui.write("digraph G {\n") | |
1124 | for i in range(r.count()): |
|
1125 | for i in range(r.count()): | |
1125 | e = r.index[i] |
|
1126 | e = r.index[i] |
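Review bot: The four `util.opener(os.getcwd(), audit=False)` calls (debugancestor, debugdata, debugindex, debugindexdot) switch the new path check off with no comment saying why. Presumably these commands take a revlog path straight from the command line, where absolute and `..` paths are legitimate, so the bypass looks intentional. A one-line comment above each call, such as `# audit=False: path comes from the local user's command line, not from repository data`, would keep a later reader from copying the pattern into code that handles repository-supplied names. The bodies of debugdata, debugindex and debugindexdot continue outside their hunks.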
@@ -1679,6 +1679,7 b' class localrepository(object):' | |||||
1679 | remove.sort() |
|
1679 | remove.sort() | |
1680 | for f in remove: |
|
1680 | for f in remove: | |
1681 | self.ui.note(_("removing %s\n") % f) |
|
1681 | self.ui.note(_("removing %s\n") % f) | |
|
1682 | util.audit_path(f) | |||
1682 | try: |
|
1683 | try: | |
1683 | util.unlink(self.wjoin(f)) |
|
1684 | util.unlink(self.wjoin(f)) | |
1684 | except OSError, inst: |
|
1685 | except OSError, inst: |
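Review bot: `util.audit_path(f)` runs inside the `for f in remove:` loop, so a bad name found part-way through aborts after earlier files have already been unlinked, and the "removing" note is printed before the name is checked. Validating the whole list first, with `for f in remove: util.audit_path(f)` ahead of the loop, would make the removal all-or-nothing. Only the unlink path is visible here; whether the code that writes files into the working directory is also audited cannot be told from this hunk. The loop body continues past the end of the hunk.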
@@ -363,7 +363,14 b' def copyfiles(src, dst, hardlink=None):' | |||||
363 | else: |
|
363 | else: | |
364 | shutil.copy(src, dst) |
|
364 | shutil.copy(src, dst) | |
365 |
|
365 | |||
366 | def opener(base): |
|
366 | def audit_path(path): | |
|
367 | """Abort if path contains dangerous components""" | |||
|
368 | parts = os.path.normcase(path).split(os.sep) | |||
|
369 | if (os.path.splitdrive(path)[0] or parts[0] in ('.hg', '') | |||
|
370 | or os.pardir in parts): | |||
|
371 | raise Abort(_("path contains illegal component: %s\n") % path) | |||
|
372 | ||||
|
373 | def opener(base, audit=True): | |||
367 | """ |
|
374 | """ | |
368 | return a function that opens files relative to base |
|
375 | return a function that opens files relative to base | |
369 |
|
376 | |||
@@ -371,6 +378,7 b' def opener(base):' | |||||
371 | remote file access from higher level code. |
|
378 | remote file access from higher level code. | |
372 | """ |
|
379 | """ | |
373 | p = base |
|
380 | p = base | |
|
381 | audit_p = audit | |||
374 |
|
382 | |||
375 | def mktempcopy(name): |
|
383 | def mktempcopy(name): | |
376 | d, fn = os.path.split(name) |
|
384 | d, fn = os.path.split(name) | |
@@ -401,6 +409,8 b' def opener(base):' | |||||
401 | self.close() |
|
409 | self.close() | |
402 |
|
410 | |||
403 | def o(path, mode="r", text=False, atomic=False): |
|
411 | def o(path, mode="r", text=False, atomic=False): | |
|
412 | if audit_p: | |||
|
413 | audit_path(path) | |||
404 | f = os.path.join(p, path) |
|
414 | f = os.path.join(p, path) | |
405 |
|
415 | |||
406 | if not text: |
|
416 | if not text: |
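Review bot: In `audit_path` the `.hg` test is `parts[0] in ('.hg', '')` on the output of `os.path.normcase`, which folds case only on Windows, so on a case-insensitive filesystem elsewhere a first component such as `.HG` is not rejected; `parts[0].lower() in ('.hg', '')` would close that. The check is also purely lexical and tests only the first component for `.hg`, so a `.hg` directory deeper in the path, or a component that is a symlink on disk, is not covered; the docstring should state that limit. In `opener`, `audit_p = audit` gives the parameter a second name that the nested `o` could read directly, and the docstring does not mention `audit`. The bodies of `opener` and `o` continue outside these hunks.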