upstream/mercurial-mirror Commit - r3556:c3043ebe

use untrusted settings in hgwebdir

Alexis S. L. Carvalho -

r3556:c3043ebe default

parent child

mercurial/hgweb/hgwebdir_mod.py

0 +5 -3

                                                          "url": url})
                     def archivelist(ui, nodeid, url):
-                        allowed = ui.configlist("web", "allow_archive")
+                        allowed = ui.configlist("web", "allow_archive", untrusted=True)
                         for i in [('zip', '.zip'), ('gz', '.tar.gz'), ('bz2', '.tar.bz2')]:
-                            if i[0] in allowed or ui.configbool("web", "allow" + i[0]):
+                            if i[0] in allowed or ui.configbool("web", "allow" + i[0],
+                                                                untrusted=True):
                                 yield {"type" : i[0], "extension": i[1],
                                        "node": nodeid, "url": url}
                                 u.readconfig(os.path.join(path, '.hg', 'hgrc'))
                             except IOError:
                                 pass
-                            get = u.config
+                            def get(section, name, default=None):
+                                return u.config(section, name, default, untrusted=True)
                             url = ('/'.join([req.env["REQUEST_URI"].split('?')[0], name])
                                    .replace("//", "/")) + '/'

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages