upstream/mercurial-mirror Files · mercurial/hgweb/__init__.py

hgweb: prevent loading style map from directories other than specified paths...

hgweb: prevent loading style map from directories other than specified paths A style name should not contain "/", "\", "." and "..". Otherwise, templates could be loaded from outside of the specified templates directory by invalid ?style= parameter. hgweb should not allow such requests. This change means subdir/name is also rejected.

Matt Mackall - - Load All Authors

File last commit:

r10996:f6d41bfc default


                r24296:b73a22d1

stable

Download file

             __init__.py
        
                    31 lines
            
             | 1.0 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / hgweb / __init__.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # hgweb/__init__.py - web interface to a mercurial repository

      #

      # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>

      # Copyright 2005 Matt Mackall <mpm@selenic.com>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      import os

      import hgweb_mod, hgwebdir_mod

      def hgweb(config, name=None, baseui=None):

          '''create an hgweb wsgi object

          config can be one of:

          - repo object (single repo view)

          - path to repo (single repo view)

          - path to config file (multi-repo view)

          - dict of virtual:real pairs (multi-repo view)

          - list of virtual:real tuples (multi-repo view)

          '''

          if ((isinstance(config, str) and not os.path.isdir(config)) or

              isinstance(config, dict) or isinstance(config, list)):

              # create a multi-dir interface

              return hgwebdir_mod.hgwebdir(config, baseui=baseui)

          return hgweb_mod.hgweb(config, name=name, baseui=baseui)

      def hgwebdir(config, baseui=None):

          return hgwebdir_mod.hgwebdir(config, baseui=baseui)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# hgweb/__init__.py - web interface to a mercurial repository
				#
				# Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
				# Copyright 2005 Matt Mackall <mpm@selenic.com>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				import os
				import hgweb_mod, hgwebdir_mod

				def hgweb(config, name=None, baseui=None):
				'''create an hgweb wsgi object

				config can be one of:
				- repo object (single repo view)
				- path to repo (single repo view)
				- path to config file (multi-repo view)
				- dict of virtual:real pairs (multi-repo view)
				- list of virtual:real tuples (multi-repo view)
				'''

				if ((isinstance(config, str) and not os.path.isdir(config)) or
				isinstance(config, dict) or isinstance(config, list)):
				# create a multi-dir interface
				return hgwebdir_mod.hgwebdir(config, baseui=baseui)
				return hgweb_mod.hgweb(config, name=name, baseui=baseui)

				def hgwebdir(config, baseui=None):
				return hgwebdir_mod.hgwebdir(config, baseui=baseui)