##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sslutil: synchronize hostname matching logic with CPython...
sslutil: synchronize hostname matching logic with CPython sslutil contains its own hostname matching logic. CPython has code for the same intent. However, it is only available to Python 2.7.9+ (or distributions that have backported 2.7.9's ssl module improvements). This patch effectively imports CPython's hostname matching code from its ssl.py into sslutil.py. The hostname matching code itself is pretty similar. However, the DNS name matching code is much more robust and spec conformant. As the test changes show, this changes some behavior around wildcard handling and IDNA matching. The new behavior allows wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com') This is spec compliant according to RFC 6125 Section 6.5.3 item 3. There is one test where the matcher is more strict. Before, '*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking this is a security vulnerability.
Matt Mackall - - Load All Authors

File last commit:

r25472:4d2b9b30 default
r29452:26a5d605 3.8.4 stable
Show More
test-hgweb-raw.t
58 lines | 1.9 KiB | text/troff | Tads3Lexer
/ tests / test-hgweb-raw.t
History | Annotation | Raw |Copy content |Copy permalink
#require serve
Test raw style of hgweb
$ hg init test
$ cd test
$ mkdir sub
$ cat >'sub/some text%.txt' <<ENDSOME
> This is just some random text
> that will go inside the file and take a few lines.
> It is very boring to read, but computers don't
> care about things like that.
> ENDSOME
$ hg add 'sub/some text%.txt'
$ hg commit -d "1 0" -m "Just some text"
$ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid
$ cat hg.pid >> $DAEMON_PIDS
$ (get-with-headers.py localhost:$HGPORT '?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw' content-type content-length content-disposition) >getoutput.txt
$ killdaemons.py hg.pid
$ cat getoutput.txt
200 Script output follows
content-type: application/binary
content-length: 157
content-disposition: inline; filename="some text%.txt"
This is just some random text
that will go inside the file and take a few lines.
It is very boring to read, but computers don't
care about things like that.
$ cat access.log error.log
127.0.0.1 - - [*] "GET /?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw HTTP/1.1" 200 - (glob)
$ rm access.log error.log
$ hg serve -p $HGPORT -A access.log -E error.log -d --pid-file=hg.pid \
> --config web.guessmime=True
$ cat hg.pid >> $DAEMON_PIDS
$ (get-with-headers.py localhost:$HGPORT '?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw' content-type content-length content-disposition) >getoutput.txt
$ killdaemons.py hg.pid
$ cat getoutput.txt
200 Script output follows
content-type: text/plain; charset="ascii"
content-length: 157
content-disposition: inline; filename="some text%.txt"
This is just some random text
that will go inside the file and take a few lines.
It is very boring to read, but computers don't
care about things like that.
$ cat access.log error.log
127.0.0.1 - - [*] "GET /?f=bf0ff59095c9;file=sub/some%20text%25.txt;style=raw HTTP/1.1" 200 - (glob)
$ cd ..