hgweb: extract path traversal checking into standalone function
A common exploit in web applications that access paths is to insert
path separator strings like ".." to try to get the server to serve up
files it shouldn't.
We have code for detecting this in staticfile(). A subsequent commit
will need to perform this test as well. Since this is security code,
let's factor the check so we don't have to reinvent the wheel.
SOURCES=$(notdir $(wildcard ../mercurial/help/*.[0-9].txt))
MAN=$(SOURCES:%.txt=%)
HTML=$(SOURCES:%.txt=%.html)
GENDOC=gendoc.py ../mercurial/commands.py ../mercurial/help.py \
../mercurial/help/*.txt ../hgext/*.py ../hgext/*/__init__.py
PREFIX=/usr/local
MANDIR=$(PREFIX)/share/man
INSTALL=install -c -m 644
PYTHON=python
RSTARGS=
export HGENCODING=UTF-8
all: man html
man: $(MAN)
html: $(HTML)
common.txt $(SOURCES) $(SOURCES:%.txt=%.gendoc.txt): $(GENDOC)
${PYTHON} gendoc.py $(basename $@) > $@.tmp
mv $@.tmp $@
%: %.txt %.gendoc.txt common.txt
$(PYTHON) runrst hgmanpage $(RSTARGS) --halt warning \
--strip-elements-with-class htmlonly $*.txt $*
%.html: %.txt %.gendoc.txt common.txt
$(PYTHON) runrst html $(RSTARGS) --halt warning \
--link-stylesheet --stylesheet-path style.css $*.txt $*.html
MANIFEST: man html
# tracked files are already in the main MANIFEST
$(RM) $@
for i in $(MAN) $(HTML); do \
echo "doc/$$i" >> $@ ; \
done
install: man
for i in $(MAN) ; do \
subdir=`echo $$i | sed -n 's/^.*\.\([0-9]\)$$/man\1/p'` ; \
mkdir -p $(DESTDIR)$(MANDIR)/$$subdir ; \
$(INSTALL) $$i $(DESTDIR)$(MANDIR)/$$subdir ; \
done
clean:
$(RM) $(MAN) $(HTML) common.txt $(SOURCES) $(SOURCES:%.txt=%.gendoc.txt) MANIFEST