##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

util: add utility method to check for bad ssh urls (SEC)...
util: add utility method to check for bad ssh urls (SEC) Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion. We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
av6 - - Load All Authors

File last commit:

r26284:c258f4d2 default
r33723:0b3fe391 stable
Show More
header.tmpl
8 lines | 549 B | application/x-cheetah | CheetahLexer
/ mercurial / templates / coal / header.tmpl
History | Annotation | Raw |Copy content |Copy permalink
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US">
<head>
<link rel="icon" href="{staticurl|urlescape}hgicon.png" type="image/png" />
<meta name="robots" content="index, nofollow" />
<link rel="stylesheet" href="{staticurl|urlescape}style-paper.css" type="text/css" />
<link rel="stylesheet" href="{staticurl|urlescape}style-extra-coal.css" type="text/css" />
<script type="text/javascript" src="{staticurl|urlescape}mercurial.js"></script>