##// END OF EJS Templates
hgweb: support constructing URLs from an alternate base URL...
hgweb: support constructing URLs from an alternate base URL The web.baseurl config option allows server operators to define a custom URL for hosted content. The way it works today is that hgwebdir parses this config option into URL components then updates the appropriate WSGI environment variables so the request "lies" about its details. For example, SERVER_NAME is updated to reflect the alternate base URL's hostname. The WSGI environment should not be modified because WSGI applications may want to know the original request details (for debugging, etc). This commit teaches our request parser about the existence of an alternate base URL. If defined, the advertised URL and other self-reflected paths will take the alternate base URL into account. The hgweb WSGI application didn't use web.baseurl. But hgwebdir did. We update hgwebdir to alter the environment parsing accordingly. The old code around environment manipulation has been removed. With this change, parserequestfromenv() has grown to a bit unwieldy. Now that practically everyone is using it, it is obvious that there is some unused features that can be trimmed. So look for this in follow-up commits. Differential Revision: https://phab.mercurial-scm.org/D2822

File last commit:

r36502:71d1bbf1 default
r36916:219b2335 default
Show More
test-revlog.t
47 lines | 1.3 KiB | text/troff | Tads3Lexer
$ hg init empty-repo
$ cd empty-repo
Flags on revlog version 0 are rejected
>>> with open('.hg/store/00changelog.i', 'wb') as fh:
... fh.write(b'\x00\x01\x00\x00')
$ hg log
abort: unknown flags (0x01) in version 0 revlog 00changelog.i!
[255]
Unknown flags on revlog version 1 are rejected
>>> with open('.hg/store/00changelog.i', 'wb') as fh:
... fh.write(b'\x00\x04\x00\x01')
$ hg log
abort: unknown flags (0x04) in version 1 revlog 00changelog.i!
[255]
Unknown version is rejected
>>> with open('.hg/store/00changelog.i', 'wb') as fh:
... fh.write(b'\x00\x00\x00\x02')
$ hg log
abort: unknown version (2) in revlog 00changelog.i!
[255]
$ cd ..
Test for CVE-2016-3630
$ hg init
>>> open("a.i", "wb").write(
... b"""eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
... .decode("base64").decode("zlib"))
$ hg debugindex a.i
rev offset length delta linkrev nodeid p1 p2
0 0 19 -1 2 99e0332bd498 000000000000 000000000000
1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
$ hg debugdata a.i 1 2>&1 | egrep 'Error:.*decoded'
(mercurial\.\w+\.mpatch\.)?mpatchError: patch cannot be decoded (re)