upstream/mercurial-mirror Files · mercurial/i18n.py

subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC)...

subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC) CVE-2016-3068 (1/1) Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. This feature allows implementing simple git smart transports with a single shell shell command. However, git submodules could clone arbitrary URLs specified in the .gitmodules file. This was reported as CVE-2015-7545 and fixed in git v2.6.1. However, if a user directly clones a malicious ext URL, the git client will still run arbitrary shell commands. Mercurial is similarly effected. Mercurial allows specifying git repositories as subrepositories. Git ext:: URLs can be specified as Mercurial subrepositories allowing arbitrary shell commands to be run on `hg clone ...`. The Mercurial community would like to thank Blake Burkhart for reporting this issue. The description of the issue is copied from Blake's report. This commit changes submodules to pass the GIT_ALLOW_PROTOCOL env variable to git commands with the same list of allowed protocols that git submodule is using. When the GIT_ALLOW_PROTOCOL env variable is already set, we just pass it to git without modifications.

Gregory Szorc - - Load All Authors

File last commit:

r25955:2c07c688 default


                r28658:34d43cb8

stable

Download file

             i18n.py
        
                    96 lines
            
             | 3.3 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / i18n.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # i18n.py - internationalization support for mercurial

      #

      # Copyright 2005, 2006 Matt Mackall <mpm@selenic.com>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      from __future__ import absolute_import

      import gettext as gettextmod

      import locale

      import os

      import sys

      from . import encoding

      # modelled after templater.templatepath:

      if getattr(sys, 'frozen', None) is not None:

          module = sys.executable

      else:

          module = __file__

      _languages = None

      if (os.name == 'nt'

          and 'LANGUAGE' not in os.environ

          and 'LC_ALL' not in os.environ

          and 'LC_MESSAGES' not in os.environ

          and 'LANG' not in os.environ):

          # Try to detect UI language by "User Interface Language Management" API

          # if no locale variables are set. Note that locale.getdefaultlocale()

          # uses GetLocaleInfo(), which may be different from UI language.

          # (See http://msdn.microsoft.com/en-us/library/dd374098(v=VS.85).aspx )

          try:

              import ctypes

              langid = ctypes.windll.kernel32.GetUserDefaultUILanguage()

              _languages = [locale.windows_locale[langid]]

          except (ImportError, AttributeError, KeyError):

              # ctypes not found or unknown langid

              pass

      _ugettext = None

      def setdatapath(datapath):

          localedir = os.path.join(datapath, 'locale')

          t = gettextmod.translation('hg', localedir, _languages, fallback=True)

          global _ugettext

          _ugettext = t.ugettext

      _msgcache = {}

      def gettext(message):

          """Translate message.

          The message is looked up in the catalog to get a Unicode string,

          which is encoded in the local encoding before being returned.

          Important: message is restricted to characters in the encoding

          given by sys.getdefaultencoding() which is most likely 'ascii'.

          """

          # If message is None, t.ugettext will return u'None' as the

          # translation whereas our callers expect us to return None.

          if message is None or not _ugettext:

              return message

          if message not in _msgcache:

              if type(message) is unicode:

                  # goofy unicode docstrings in test

                  paragraphs = message.split(u'\n\n')

              else:

                  paragraphs = [p.decode("ascii") for p in message.split('\n\n')]

              # Be careful not to translate the empty string -- it holds the

              # meta data of the .po file.

              u = u'\n\n'.join([p and _ugettext(p) or '' for p in paragraphs])

              try:

                  # encoding.tolocal cannot be used since it will first try to

                  # decode the Unicode string. Calling u.decode(enc) really

                  # means u.encode(sys.getdefaultencoding()).decode(enc). Since

                  # the Python encoding defaults to 'ascii', this fails if the

                  # translated string use non-ASCII characters.

                  _msgcache[message] = u.encode(encoding.encoding, "replace")

              except LookupError:

                  # An unknown encoding results in a LookupError.

                  _msgcache[message] = message

          return _msgcache[message]

      def _plain():

          if 'HGPLAIN' not in os.environ and 'HGPLAINEXCEPT' not in os.environ:

              return False

          exceptions = os.environ.get('HGPLAINEXCEPT', '').strip().split(',')

          return 'i18n' not in exceptions

      if _plain():

          _ = lambda message: message

      else:

          _ = gettext

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# i18n.py - internationalization support for mercurial
				#
				# Copyright 2005, 2006 Matt Mackall <mpm@selenic.com>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				from __future__ import absolute_import

				import gettext as gettextmod
				import locale
				import os
				import sys

				from . import encoding

				# modelled after templater.templatepath:
				if getattr(sys, 'frozen', None) is not None:
				module = sys.executable
				else:
				module = __file__


				_languages = None
				if (os.name == 'nt'
				and 'LANGUAGE' not in os.environ
				and 'LC_ALL' not in os.environ
				and 'LC_MESSAGES' not in os.environ
				and 'LANG' not in os.environ):
				# Try to detect UI language by "User Interface Language Management" API
				# if no locale variables are set. Note that locale.getdefaultlocale()
				# uses GetLocaleInfo(), which may be different from UI language.
				# (See http://msdn.microsoft.com/en-us/library/dd374098(v=VS.85).aspx )
				try:
				import ctypes
				langid = ctypes.windll.kernel32.GetUserDefaultUILanguage()
				_languages = [locale.windows_locale[langid]]
				except (ImportError, AttributeError, KeyError):
				# ctypes not found or unknown langid
				pass

				_ugettext = None

				def setdatapath(datapath):
				localedir = os.path.join(datapath, 'locale')
				t = gettextmod.translation('hg', localedir, _languages, fallback=True)
				global _ugettext
				_ugettext = t.ugettext

				_msgcache = {}

				def gettext(message):
				"""Translate message.

				The message is looked up in the catalog to get a Unicode string,
				which is encoded in the local encoding before being returned.

				Important: message is restricted to characters in the encoding
				given by sys.getdefaultencoding() which is most likely 'ascii'.
				"""
				# If message is None, t.ugettext will return u'None' as the
				# translation whereas our callers expect us to return None.
				if message is None or not _ugettext:
				return message

				if message not in _msgcache:
				if type(message) is unicode:
				# goofy unicode docstrings in test
				paragraphs = message.split(u'\n\n')
				else:
				paragraphs = [p.decode("ascii") for p in message.split('\n\n')]
				# Be careful not to translate the empty string -- it holds the
				# meta data of the .po file.
				u = u'\n\n'.join([p and _ugettext(p) or '' for p in paragraphs])
				try:
				# encoding.tolocal cannot be used since it will first try to
				# decode the Unicode string. Calling u.decode(enc) really
				# means u.encode(sys.getdefaultencoding()).decode(enc). Since
				# the Python encoding defaults to 'ascii', this fails if the
				# translated string use non-ASCII characters.
				_msgcache[message] = u.encode(encoding.encoding, "replace")
				except LookupError:
				# An unknown encoding results in a LookupError.
				_msgcache[message] = message
				return _msgcache[message]

				def _plain():
				if 'HGPLAIN' not in os.environ and 'HGPLAINEXCEPT' not in os.environ:
				return False
				exceptions = os.environ.get('HGPLAINEXCEPT', '').strip().split(',')
				return 'i18n' not in exceptions

				if _plain():
				_ = lambda message: message
				else:
				_ = gettext