upstream/mercurial-mirror Files · hgext/graphlog.py

hgweb: fix trust of templates path (BC)...

hgweb: fix trust of templates path (BC) Long ago we disabled trust of the templates path with a comment describing the (insecure) behavior before the change. At some later refactor, the code was apparently changed back to match the comment, unaware that the intent of the comment was to describe the behavior to avoid. This change disables the trust and updates the comment to explicitly say not only what the old problem was, but also that it was in fact a problem and the action taken to prevent it. Impact: prior to this change, if you had a UNIX-based hgweb server where users can write hgrc files, those users could potentially read any file readable by the web server. This is marked as a backwards compatibility issue because people may have configured templates without proper trust settings. Issue spotted by Greg Szorc.

Augie Fackler - - Load All Authors

File last commit:

r25186:80c5b266 default


                r26120:1a45e49a

3.5.1 stable

Download file

             graphlog.py
        
                    62 lines
            
             | 2.4 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / hgext / graphlog.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # ASCII graph log extension for Mercurial

      #

      # Copyright 2007 Joel Rosdahl <joel@rosdahl.net>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      '''command to view revision graphs from a shell (DEPRECATED)

      The functionality of this extension has been include in core Mercurial

      since version 2.3.

      This extension adds a --graph option to the incoming, outgoing and log

      commands. When this options is given, an ASCII representation of the

      revision graph is also shown.

      '''

      from mercurial.i18n import _

      from mercurial import cmdutil, commands

      cmdtable = {}

      command = cmdutil.command(cmdtable)

      # Note for extension authors: ONLY specify testedwith = 'internal' for

      # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should

      # be specifying the version(s) of Mercurial they are tested with, or

      # leave the attribute unspecified.

      testedwith = 'internal'

      @command('glog',

          [('f', 'follow', None,

           _('follow changeset history, or file history across copies and renames')),

          ('', 'follow-first', None,

           _('only follow the first parent of merge changesets (DEPRECATED)')),

          ('d', 'date', '', _('show revisions matching date spec'), _('DATE')),

          ('C', 'copies', None, _('show copied files')),

          ('k', 'keyword', [],

           _('do case-insensitive search for a given text'), _('TEXT')),

          ('r', 'rev', [], _('show the specified revision or revset'), _('REV')),

          ('', 'removed', None, _('include revisions where files were removed')),

          ('m', 'only-merges', None, _('show only merges (DEPRECATED)')),

          ('u', 'user', [], _('revisions committed by user'), _('USER')),

          ('', 'only-branch', [],

           _('show only changesets within the given named branch (DEPRECATED)'),

           _('BRANCH')),

          ('b', 'branch', [],

           _('show changesets within the given named branch'), _('BRANCH')),

          ('P', 'prune', [],

           _('do not display revision or any of its ancestors'), _('REV')),

          ] + commands.logopts + commands.walkopts,

          _('[OPTION]... [FILE]'),

          inferrepo=True)

      def graphlog(ui, repo, *pats, **opts):

          """show revision history alongside an ASCII revision graph

          Print a revision history alongside a revision graph drawn with

          ASCII characters.

          Nodes printed as an @ character are parents of the working

          directory.

          """

          opts['graph'] = True

          return commands.log(ui, repo, *pats, **opts)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# ASCII graph log extension for Mercurial
				#
				# Copyright 2007 Joel Rosdahl <joel@rosdahl.net>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				'''command to view revision graphs from a shell (DEPRECATED)

				The functionality of this extension has been include in core Mercurial
				since version 2.3.

				This extension adds a --graph option to the incoming, outgoing and log
				commands. When this options is given, an ASCII representation of the
				revision graph is also shown.
				'''

				from mercurial.i18n import _
				from mercurial import cmdutil, commands

				cmdtable = {}
				command = cmdutil.command(cmdtable)
				# Note for extension authors: ONLY specify testedwith = 'internal' for
				# extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
				# be specifying the version(s) of Mercurial they are tested with, or
				# leave the attribute unspecified.
				testedwith = 'internal'

				@command('glog',
				[('f', 'follow', None,
				_('follow changeset history, or file history across copies and renames')),
				('', 'follow-first', None,
				_('only follow the first parent of merge changesets (DEPRECATED)')),
				('d', 'date', '', _('show revisions matching date spec'), _('DATE')),
				('C', 'copies', None, _('show copied files')),
				('k', 'keyword', [],
				_('do case-insensitive search for a given text'), _('TEXT')),
				('r', 'rev', [], _('show the specified revision or revset'), _('REV')),
				('', 'removed', None, _('include revisions where files were removed')),
				('m', 'only-merges', None, _('show only merges (DEPRECATED)')),
				('u', 'user', [], _('revisions committed by user'), _('USER')),
				('', 'only-branch', [],
				_('show only changesets within the given named branch (DEPRECATED)'),
				_('BRANCH')),
				('b', 'branch', [],
				_('show changesets within the given named branch'), _('BRANCH')),
				('P', 'prune', [],
				_('do not display revision or any of its ancestors'), _('REV')),
				] + commands.logopts + commands.walkopts,
				_('[OPTION]... [FILE]'),
				inferrepo=True)
				def graphlog(ui, repo, pats, *opts):
				"""show revision history alongside an ASCII revision graph

				Print a revision history alongside a revision graph drawn with
				ASCII characters.

				Nodes printed as an @ character are parents of the working
				directory.
				"""
				opts['graph'] = True
				return commands.log(ui, repo, pats, *opts)