util: add utility method to check for bad ssh urls (SEC)

Our use of SSH has an exploit that will parse the first part of a url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion.

We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |.

When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
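
The check described in the commit message above, as an added example (not the project's own code; the function names, the exception class and the sample URLs are hypothetical). It goes slightly beyond the message by percent-decoding the authority before checking and by also rejecting a leading '-' in front of any user@ part; both are assumptions marked in the comments.

```python
import re
from urllib.parse import unquote

SSH_SCHEMES = ("ssh", "svn+ssh")  # assumption: schemes that end up on an ssh command line


class UnsafeSSHURL(ValueError):
    """An ssh-style URL whose authority could be misread by ssh or a shell."""


def ssh_authority(url):
    """Return the percent-decoded [user@]host[:port] of an ssh-style URL, else None."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in SSH_SCHEMES:
        return None
    # The authority ends at the first '/', '?' or '#'.
    raw = re.split(r"[/?#]", rest, maxsplit=1)[0]
    # Assumption: decode first so "%2D" and "%7C" cannot hide '-' or '|'.
    return unquote(raw)


def check_safe_ssh(url):
    """Raise UnsafeSSHURL for the hostnames the commit message describes; else return url."""
    authority = ssh_authority(url)
    if authority is None:
        return url  # not an ssh URL, nothing to check here
    host = authority.rpartition("@")[2]
    # A leading '-' would be read by ssh as an option instead of a hostname.
    # Assumption: the whole user@host argument is checked as well as the bare host.
    if authority.startswith("-") or host.startswith("-"):
        raise UnsafeSSHURL("potentially unsafe url (leading '-'): %r" % url)
    # '|' can act as a pipe when the command line reaches a shell (Windows).
    if "|" in authority:
        raise UnsafeSSHURL("potentially unsafe url (contains '|'): %r" % url)
    return url


def is_safe(url):
    """Boolean wrapper for callers that prefer not to catch the exception."""
    try:
        check_safe_ssh(url)
        return True
    except UnsafeSSHURL:
        return False


if __name__ == "__main__":
    # Constructed sample URLs; PLACEHOLDER stands in for any option value.
    for u in ("ssh://hg@example.com:2222/repo", "ssh://-oProxyCommand=PLACEHOLDER/repo",
              "ssh://%2DoProxyCommand=PLACEHOLDER/repo", "ssh://host%7CPLACEHOLDER/repo"):
        print("%-45s %s" % (u, "ok" if is_safe(u) else "ABORT"))
```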

File last commit:

r29000:2d3837a4 stable
r33723:0b3fe391 stable
map-cmdline.status
20 lines | 957 B | text/plain | TextLexer
%include map-cmdline.default
# Override base templates
changeset = '{cset}{branches}{bookmarks}{tags}{parents}{user}{ldate}{summary}{lfiles}\n'
changeset_verbose = '{cset}{branches}{bookmarks}{tags}{parents}{user}{ldate}{description}{lfiles}\n'
changeset_debug = '{fullcset}{branches}{bookmarks}{tags}{lphase}{parents}{manifest}{user}{ldate}{extras}{description}{lfiles}\n'
# Override the file templates
lfiles = '{if(files,
              label('ui.note log.files',
                    'files:\n'))}{lfile_mods}{lfile_adds}{lfile_dels}'
lfile_adds = '{file_adds % "{lfile_add}{lfile_src}"}'
lfile_mods = '{file_mods % "{lfile_mod}{lfile_src}"}'
lfile_add = '{label("status.added", "A {file}\n")}'
lfile_mod = '{label("status.modified", "M {file}\n")}'
lfile_src = '{ifcontains(file, file_copies_switch,
                         label("status.copied", " {get(file_copies_switch, file)}\n"))}'
lfile_dels = '{file_dels % "{label('status.removed', 'R {file}\n')}"}'