Show More
| @@ -1154,6 +1154,13 b' The full set of options is:' | |||
|
|
1154 | 1154 | be present in this list. The contents of the allow_push list are |
|
|
1155 | 1155 | examined after the deny_push list. |
|
|
1156 | 1156 | |
|
|
1157 | ``guessmime`` | |
|
|
1158 | Control MIME types for raw download of file content. | |
|
|
1159 | Set to True to let hgweb guess the content type from the file | |
|
|
1160 | extension. This will serve HTML files as ``text/html`` and might | |
|
|
1161 | allow cross-site scripting attacks when serving untrusted | |
|
|
1162 | repositories. Default is False. | |
|
|
1163 | ||
|
|
1157 | 1164 | ``allow_read`` |
|
|
1158 | 1165 | If the user has not already been denied repository access due to |
|
|
1159 | 1166 | the contents of deny_read, this list determines whether to grant |
| @@ -32,6 +32,8 b' def log(web, req, tmpl):' | |||
|
|
32 | 32 | return changelog(web, req, tmpl) |
|
|
33 | 33 | |
|
|
34 | 34 | def rawfile(web, req, tmpl): |
|
|
35 | guessmime = web.configbool('web', 'guessmime', False) | |
|
|
36 | ||
|
|
35 | 37 | path = webutil.cleanpath(web.repo, req.form.get('file', [''])[0]) |
|
|
36 | 38 | if not path: |
|
|
37 | 39 | content = manifest(web, req, tmpl) |
| @@ -50,9 +52,11 b' def rawfile(web, req, tmpl):' | |||
|
|
50 | 52 | |
|
|
51 | 53 | path = fctx.path() |
|
|
52 | 54 | text = fctx.data() |
|
|
53 | mt = mimetypes.guess_type(path)[0] | |
|
|
54 |
if |
|
|
|
55 | mt = binary(text) and 'application/octet-stream' or 'text/plain' | |
|
|
55 | mt = 'application/binary' | |
|
|
56 | if guessmime: | |
|
|
57 | mt = mimetypes.guess_type(path)[0] | |
|
|
58 | if mt is None: | |
|
|
59 | mt = binary(text) and 'application/binary' or 'text/plain' | |
|
|
56 | 60 | if mt.startswith('text/'): |
|
|
57 | 61 | mt += '; charset="%s"' % encoding.encoding |
|
|
58 | 62 | |
| @@ -22,6 +22,28 b' Test raw style of hgweb' | |||
|
|
22 | 22 | $ sleep 1 # wait for server to scream and die |
|
|
23 | 23 | $ cat getoutput.txt |
|
|
24 | 24 | 200 Script output follows |
|
|
25 | content-type: application/binary | |
|
|
26 | content-length: 157 | |
|
|
27 | content-disposition: inline; filename="some \"text\".txt" | |
|
|
28 | ||
|
|
29 | This is just some random text | |
|
|
30 | that will go inside the file and take a few lines. | |
|
|
31 | It is very boring to read, but computers don't | |
|
|
32 | care about things like that. | |
|
|
33 | $ cat access.log error.log | |
|
|
34 | 127.0.0.1 - - [*] "GET /?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw HTTP/1.1" 200 - (glob) | |
|
|
35 | ||
|
|
36 | $ rm access.log error.log | |
|
|
37 | $ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid \ | |
|
|
38 | > --config web.guessmime=True | |
|
|
39 | ||
|
|
40 | $ cat hg.pid >> $DAEMON_PIDS | |
|
|
41 | $ ("$TESTDIR/get-with-headers.py" localhost:$HGPORT '/?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw' content-type content-length content-disposition) >getoutput.txt & | |
|
|
42 | $ sleep 5 | |
|
|
43 | $ kill `cat hg.pid` | |
|
|
44 | $ sleep 1 # wait for server to scream and die | |
|
|
45 | $ cat getoutput.txt | |
|
|
46 | 200 Script output follows | |
|
|
25 | 47 | content-type: text/plain; charset="ascii" |
|
|
26 | 48 | content-length: 157 |
|
|
27 | 49 | content-disposition: inline; filename="some \"text\".txt" |
General Comments 0
You need to be logged in to leave comments.
Login now