##// END OF EJS Templates
context: use a the nofsauditor when matching file in history (issue4749)...
context: use a the nofsauditor when matching file in history (issue4749) Before this change, asking for file from history (eg: 'hg cat -r 42 foo/bar') could fail because of the current content of the working copy (eg: current "foo" being a symlink). As the working copy state have no influence on the content of the history, we can safely skip these checks. The working copy context class have a different 'match' implementation. That implementation still use the repo.auditor will still catch symlink traversal. I've audited all stuff calling "match" and they all go through a ctx in a sensible way. The most unclear case was diff which still seemed okay. You raised my paranoid level today and I double checked through tests. They behave properly. The odds of someone using the wrong (matching with a changectx for operation that will eventually touch the file system) is non-zero because you are never sure of what people will do. But I dunno if we can fight against that. So I would not commit to "never" for "at this level" and "in the future" if someone write especially bad code. However, as a last defense, the vfs itself is running path auditor in all cases outside of .hg/. So I think anything passing the 'matcher' for buggy reason would growl at the vfs layer.
Pierre-Yves David -
r27234:15c6eb0a default
Show More
Name Size Modified Last Commit Author
contrib
doc
hgext
i18n
mercurial
tests
.hgignore Loading ...
.hgsigs Loading ...
.hgtags Loading ...
CONTRIBUTORS Loading ...
COPYING Loading ...
Makefile Loading ...
README Loading ...
hg Loading ...
hgeditor Loading ...
hgweb.cgi Loading ...
setup.py Loading ...

Mercurial
=========

Mercurial is a fast, easy to use, distributed revision control tool
for software developers.

Basic install:

$ make # see install targets
$ make install # do a system-wide install
$ hg debuginstall # sanity-check setup
$ hg # see help

Running without installing:

$ make local # build for inplace usage
$ ./hg --version # should show the latest version

See https://mercurial-scm.org/ for detailed installation
instructions, platform-specific notes, and Mercurial user information.