##// END OF EJS Templates
hgweb: raw file mimetype guessing configurable, off by default (BC) (issue2923)...
Matt Mackall -
r15004:d06b9c55 stable
parent child Browse files
Show More
@@ -1154,6 +1154,13 b' The full set of options is:'
1154 be present in this list. The contents of the allow_push list are
1154 be present in this list. The contents of the allow_push list are
1155 examined after the deny_push list.
1155 examined after the deny_push list.
1156
1156
1157 ``guessmime``
1158 Control MIME types for raw download of file content.
1159 Set to True to let hgweb guess the content type from the file
1160 extension. This will serve HTML files as ``text/html`` and might
1161 allow cross-site scripting attacks when serving untrusted
1162 repositories. Default is False.
1163
1157 ``allow_read``
1164 ``allow_read``
1158 If the user has not already been denied repository access due to
1165 If the user has not already been denied repository access due to
1159 the contents of deny_read, this list determines whether to grant
1166 the contents of deny_read, this list determines whether to grant
@@ -32,6 +32,8 b' def log(web, req, tmpl):'
32 return changelog(web, req, tmpl)
32 return changelog(web, req, tmpl)
33
33
34 def rawfile(web, req, tmpl):
34 def rawfile(web, req, tmpl):
35 guessmime = web.configbool('web', 'guessmime', False)
36
35 path = webutil.cleanpath(web.repo, req.form.get('file', [''])[0])
37 path = webutil.cleanpath(web.repo, req.form.get('file', [''])[0])
36 if not path:
38 if not path:
37 content = manifest(web, req, tmpl)
39 content = manifest(web, req, tmpl)
@@ -50,9 +52,11 b' def rawfile(web, req, tmpl):'
50
52
51 path = fctx.path()
53 path = fctx.path()
52 text = fctx.data()
54 text = fctx.data()
53 mt = mimetypes.guess_type(path)[0]
55 mt = 'application/binary'
54 if mt is None:
56 if guessmime:
55 mt = binary(text) and 'application/octet-stream' or 'text/plain'
57 mt = mimetypes.guess_type(path)[0]
58 if mt is None:
59 mt = binary(text) and 'application/binary' or 'text/plain'
56 if mt.startswith('text/'):
60 if mt.startswith('text/'):
57 mt += '; charset="%s"' % encoding.encoding
61 mt += '; charset="%s"' % encoding.encoding
58
62
@@ -22,6 +22,28 b' Test raw style of hgweb'
22 $ sleep 1 # wait for server to scream and die
22 $ sleep 1 # wait for server to scream and die
23 $ cat getoutput.txt
23 $ cat getoutput.txt
24 200 Script output follows
24 200 Script output follows
25 content-type: application/binary
26 content-length: 157
27 content-disposition: inline; filename="some \"text\".txt"
28
29 This is just some random text
30 that will go inside the file and take a few lines.
31 It is very boring to read, but computers don't
32 care about things like that.
33 $ cat access.log error.log
34 127.0.0.1 - - [*] "GET /?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw HTTP/1.1" 200 - (glob)
35
36 $ rm access.log error.log
37 $ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid \
38 > --config web.guessmime=True
39
40 $ cat hg.pid >> $DAEMON_PIDS
41 $ ("$TESTDIR/get-with-headers.py" localhost:$HGPORT '/?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw' content-type content-length content-disposition) >getoutput.txt &
42 $ sleep 5
43 $ kill `cat hg.pid`
44 $ sleep 1 # wait for server to scream and die
45 $ cat getoutput.txt
46 200 Script output follows
25 content-type: text/plain; charset="ascii"
47 content-type: text/plain; charset="ascii"
26 content-length: 157
48 content-length: 157
27 content-disposition: inline; filename="some \"text\".txt"
49 content-disposition: inline; filename="some \"text\".txt"
General Comments 0
You need to be logged in to leave comments. Login now