##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

hgweb: extract path traversal checking into standalone function...
hgweb: extract path traversal checking into standalone function A common exploit in web applications that access paths is to insert path separator strings like ".." to try to get the server to serve up files it shouldn't. We have code for detecting this in staticfile(). A subsequent commit will need to perform this test as well. Since this is security code, let's factor the check so we don't have to reinvent the wheel.
Denis Laxalde - - Load All Authors

File last commit:

r31702:00f996f0 default
r31790:62f9679d default
Show More
map-cmdline.default
82 lines | 3.2 KiB | text/plain | TextLexer
/ mercurial / templates / map-cmdline.default
History | Annotation | Raw |Copy content |Copy permalink
# Base templates. Due to name clashes with existing keywords, we have
# to replace some keywords with 'lkeyword', for 'labelled keyword'
changeset = '{cset}{branches}{bookmarks}{tags}{parents}{user}{ldate}{ltroubles}{summary}\n'
changeset_quiet = '{lnode}'
changeset_verbose = '{cset}{branches}{bookmarks}{tags}{parents}{user}{ldate}{ltroubles}{lfiles}{lfile_copies_switch}{description}\n'
changeset_debug = '{fullcset}{branches}{bookmarks}{tags}{lphase}{parents}{manifest}{user}{ldate}{ltroubles}{lfile_mods}{lfile_adds}{lfile_dels}{lfile_copies_switch}{extras}{description}\n'
# File templates
lfiles = '{if(files,
label("ui.note log.files",
"files: {files}\n"))}'
lfile_mods = '{if(file_mods,
label("ui.debug log.files",
"files: {file_mods}\n"))}'
lfile_adds = '{if(file_adds,
label("ui.debug log.files",
"files+: {file_adds}\n"))}'
lfile_dels = '{if(file_dels,
label("ui.debug log.files",
"files-: {file_dels}\n"))}'
lfile_copies_switch = '{if(file_copies_switch,
label("ui.note log.copies",
"copies: {file_copies_switch
% ' {name} ({source})'}\n"))}'
# General templates
_trouble_label = 'trouble.{trouble}'
_troubles_labels = '{if(troubles, "changeset.troubled {troubles%_trouble_label}")}'
_obsolete_label = '{if(obsolete, "changeset.obsolete")}'
_cset_labels = '{separate(" ", "log.changeset", "changeset.{phase}", "{_obsolete_label}", "{_troubles_labels}")}'
cset = '{label("{_cset_labels}",
"changeset: {rev}:{node|short}")}\n'
lphase = '{label("log.phase",
"phase: {phase}")}\n'
fullcset = '{label("{_cset_labels}",
"changeset: {rev}:{node}")}\n'
parent = '{label("log.parent changeset.{phase}",
"parent: {rev}:{node|formatnode}")}\n'
lnode = '{label("log.node",
"{rev}:{node|short}")}\n'
manifest = '{label("ui.debug log.manifest",
"manifest: {rev}:{node}")}\n'
branch = '{label("log.branch",
"branch: {branch}")}\n'
tag = '{label("log.tag",
"tag: {tag}")}\n'
bookmark = '{label("log.bookmark",
"bookmark: {bookmark}")}\n'
user = '{label("log.user",
"user: {author}")}\n'
summary = '{if(desc|strip, "{label('log.summary',
'summary: {desc|firstline}')}\n")}'
ldate = '{label("log.date",
"date: {date|date}")}\n'
ltroubles = '{if(troubles, "{label('log.trouble',
'trouble: {join(troubles, ", ")}')}\n")}'
extra = '{label("ui.debug log.extra",
"extra: {key}={value|stringescape}")}\n'
description = '{if(desc|strip, "{label('ui.note log.description',
'description:')}
{label('ui.note log.description',
'{desc|strip}')}\n\n")}'
status = '{status} {path}\n{if(copy, " {copy}\n")}'