##// END OF EJS Templates
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r31844:478999e8 default
r32050:77eaf953 4.1.3 stable
Show More
test-update-names.t
90 lines | 2.2 KiB | text/troff | Tads3Lexer
Test update logic when there are renames or weird same-name cases between dirs
and files
Update with local changes across a file rename
$ hg init r1 && cd r1
$ echo a > a
$ hg add a
$ hg ci -m a
$ hg mv a b
$ hg ci -m rename
$ echo b > b
$ hg ci -m change
$ hg up -q 0
$ echo c > a
$ hg up
merging a and b to b
warning: conflicts while merging b! (edit, then use 'hg resolve --mark')
0 files updated, 0 files merged, 0 files removed, 1 files unresolved
use 'hg resolve' to retry unresolved file merges
[1]
Test update when local untracked directory exists with the same name as a
tracked file in a commit we are updating to
$ hg init r2 && cd r2
$ echo root > root && hg ci -Am root # rev 0
adding root
$ echo text > name && hg ci -Am "name is a file" # rev 1
adding name
$ hg up 0
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ mkdir name
$ hg up 1
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
Test update when local untracked directory exists with some files in it and has
the same name a tracked file in a commit we are updating to. In future this
should be updated to give an friendlier error message, but now we should just
make sure that this does not erase untracked data
$ hg up 0
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ mkdir name
$ echo text > name/file
$ hg st
? name/file
$ hg up 1
abort: *: '$TESTTMP/r1/r2/name' (glob)
[255]
$ cd ..
#if symlink
Test update when two commits have symlinks that point to different folders
$ hg init r3 && cd r3
$ echo root > root && hg ci -Am root
adding root
$ mkdir folder1 && mkdir folder2
$ ln -s folder1 folder
$ hg ci -Am "symlink to folder1"
adding folder
$ rm folder
$ ln -s folder2 folder
$ hg ci -Am "symlink to folder2"
$ hg up 1
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ cd ..
#endif
#if rmcwd
Test that warning is printed if cwd is deleted during update
$ hg init r4 && cd r4
$ mkdir dir
$ cd dir
$ echo a > a
$ echo b > b
$ hg add a b
$ hg ci -m "file and dir"
$ hg up -q null
current directory was removed
(consider changing to repo root: $TESTTMP/r1/r4)
#endif