##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

subrepo: add tests for svn rogue ssh urls (SEC)...
subrepo: add tests for svn rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
av6 - - Load All Authors

File last commit:

r25794:90214844 default
r33730:60ee7af2 stable
Show More
manifest.tmpl
29 lines | 1.1 KiB | application/x-cheetah | CheetahLexer
/ mercurial / templates / spartan / manifest.tmpl
History | Annotation | Raw |Copy content |Copy permalink
{header}
<title>{repo|escape}: files for changeset {node|short}</title>
</head>
<body>
<div class="buttons">
<a href="{url|urlescape}log/{symrev}{sessionvars%urlparameter}">changelog</a>
<a href="{url|urlescape}shortlog/{symrev}{sessionvars%urlparameter}">shortlog</a>
<a href="{url|urlescape}graph/{symrev}{sessionvars%urlparameter}">graph</a>
<a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a>
<a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a>
<a href="{url|urlescape}rev/{symrev}{sessionvars%urlparameter}">changeset</a>
{archives%archiveentry}
<a href="{url|urlescape}help{sessionvars%urlparameter}">help</a>
</div>
<h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / files for changeset <a href="{url|urlescape}rev/{node|short}">{node|short}</a>: {path|escape}</h2>
<table cellpadding="0" cellspacing="0">
<tr class="parity{upparity}">
<td><tt>drwxr-xr-x</tt>&nbsp;
<td>&nbsp;
<td>&nbsp;
<td><a href="{url|urlescape}file/{symrev}{up|urlescape}{sessionvars%urlparameter}">[up]</a>
</tr>
{dentries%direntry}
{fentries%fileentry}
</table>
{footer}