Mercurial > hg-stable
view mercurial/changelog.py @ 22506:6e1fbcb18a75 stable
hgweb: fail if an invalid command was supplied in url path (issue4071)
Traditionally, the way to specify a command for hgweb was to use url query
arguments (e.g. "?cmd=batch"). If the command is unknown to hgweb, it gives an
error (e.g. "400 no such method: badcmd").
But there's also another way to specify a command: as a url path fragment (e.g.
"/graph"). Before, hgweb was made forgiving (looks like it was made in
44c5157474e7) and user could put any unknown command in the url. If hgweb
couldn't understand it, it would just silently fall back to the default
command, which depends on the actual style (e.g. for paper it's shortlog, for
monoblue it's summary). This was inconsistent and was breaking some tools that
rely on http status codes (as noted in the issue4071). So this patch changes
that behavior to the more consistent one, i.e. hgweb will now return "400 no
such method: badcmd".
So if some tool was relying on having an invalid command return http status
code 200 and also have some information, then it will stop working. That is, if
somebody typed foobar when they really meant shortlog (and the user was lucky
enough to choose a style where the default command is shortlog too), that fact
will now be revealed.
Code-wise, the changed if block is only relevant when there's no "?cmd" query
parameter (i.e. only when command is specified as a url path fragment), and
looks like the removed else branch was there only for falling back to default
command. With that removed, the rest of the code works as expected: it looks at
the command, and if it's not known, raises a proper ErrorResponse exception
with an appropriate message.
Evidently, there were no tests that required the old behavior. But, frankly, I
don't know any way to tell if anyone actually exploited such forgiving behavior
in some in-house tool.
| author | Anton Shestakov <engored@ya.ru> |
|---|---|
| date | Mon, 22 Sep 2014 23:46:38 +0900 |
| parents | 667df8f478d1 |
| children | 2b5940f64750 |
line wrap: on
line source
# changelog.py - changelog class for mercurial # # Copyright 2005-2007 Matt Mackall <mpm@selenic.com> # # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. from node import bin, hex, nullid from i18n import _ import util, error, revlog, encoding _defaultextra = {'branch': 'default'} def _string_escape(text): """ >>> d = {'nl': chr(10), 'bs': chr(92), 'cr': chr(13), 'nul': chr(0)} >>> s = "ab%(nl)scd%(bs)s%(bs)sn%(nul)sab%(cr)scd%(bs)s%(nl)s" % d >>> s 'ab\\ncd\\\\\\\\n\\x00ab\\rcd\\\\\\n' >>> res = _string_escape(s) >>> s == res.decode('string_escape') True """ # subset of the string_escape codec text = text.replace('\\', '\\\\').replace('\n', '\\n').replace('\r', '\\r') return text.replace('\0', '\\0') def decodeextra(text): """ >>> sorted(decodeextra(encodeextra({'foo': 'bar', 'baz': chr(0) + '2'}) ... ).iteritems()) [('baz', '\\x002'), ('branch', 'default'), ('foo', 'bar')] >>> sorted(decodeextra(encodeextra({'foo': 'bar', ... 'baz': chr(92) + chr(0) + '2'}) ... ).iteritems()) [('baz', '\\\\\\x002'), ('branch', 'default'), ('foo', 'bar')] """ extra = _defaultextra.copy() for l in text.split('\0'): if l: if '\\0' in l: # fix up \0 without getting into trouble with \\0 l = l.replace('\\\\', '\\\\\n') l = l.replace('\\0', '\0') l = l.replace('\n', '') k, v = l.decode('string_escape').split(':', 1) extra[k] = v return extra def encodeextra(d): # keys must be sorted to produce a deterministic changelog entry items = [_string_escape('%s:%s' % (k, d[k])) for k in sorted(d)] return "\0".join(items) def stripdesc(desc): """strip trailing whitespace and leading and trailing empty lines""" return '\n'.join([l.rstrip() for l in desc.splitlines()]).strip('\n') class appender(object): '''the changelog index must be updated last on disk, so we use this class to delay writes to it''' def __init__(self, vfs, name, mode, buf): self.data = buf fp = vfs(name, mode) self.fp = fp self.offset = fp.tell() self.size = vfs.fstat(fp).st_size def end(self): return self.size + len("".join(self.data)) def tell(self): return self.offset def flush(self): pass def close(self): self.fp.close() def seek(self, offset, whence=0): '''virtual file offset spans real file and data''' if whence == 0: self.offset = offset elif whence == 1: self.offset += offset elif whence == 2: self.offset = self.end() + offset if self.offset < self.size: self.fp.seek(self.offset) def read(self, count=-1): '''only trick here is reads that span real file and data''' ret = "" if self.offset < self.size: s = self.fp.read(count) ret = s self.offset += len(s) if count > 0: count -= len(s) if count != 0: doff = self.offset - self.size self.data.insert(0, "".join(self.data)) del self.data[1:] s = self.data[0][doff:doff + count] self.offset += len(s) ret += s return ret def write(self, s): self.data.append(str(s)) self.offset += len(s) def delayopener(opener, target, divert, buf): def o(name, mode='r'): if name != target: return opener(name, mode) if divert: return opener(name + ".a", mode.replace('a', 'w')) # otherwise, divert to memory return appender(opener, name, mode, buf) return o class changelog(revlog.revlog): def __init__(self, opener): revlog.revlog.__init__(self, opener, "00changelog.i") if self._initempty: # changelogs don't benefit from generaldelta self.version &= ~revlog.REVLOGGENERALDELTA self._generaldelta = False self._realopener = opener self._delayed = False self._delaybuf = [] self._divert = False self.filteredrevs = frozenset() def tip(self): """filtered version of revlog.tip""" for i in xrange(len(self) -1, -2, -1): if i not in self.filteredrevs: return self.node(i) def __iter__(self): """filtered version of revlog.__iter__""" if len(self.filteredrevs) == 0: return revlog.revlog.__iter__(self) def filterediter(): for i in xrange(len(self)): if i not in self.filteredrevs: yield i return filterediter() def revs(self, start=0, stop=None): """filtered version of revlog.revs""" for i in super(changelog, self).revs(start, stop): if i not in self.filteredrevs: yield i @util.propertycache def nodemap(self): # XXX need filtering too self.rev(self.node(0)) return self._nodecache def hasnode(self, node): """filtered version of revlog.hasnode""" try: i = self.rev(node) return i not in self.filteredrevs except KeyError: return False def headrevs(self): if self.filteredrevs: # XXX we should fix and use the C version return self._headrevs() return super(changelog, self).headrevs() def strip(self, *args, **kwargs): # XXX make something better than assert # We can't expect proper strip behavior if we are filtered. assert not self.filteredrevs super(changelog, self).strip(*args, **kwargs) def rev(self, node): """filtered version of revlog.rev""" r = super(changelog, self).rev(node) if r in self.filteredrevs: raise error.LookupError(hex(node), self.indexfile, _('no node')) return r def node(self, rev): """filtered version of revlog.node""" if rev in self.filteredrevs: raise IndexError(rev) return super(changelog, self).node(rev) def linkrev(self, rev): """filtered version of revlog.linkrev""" if rev in self.filteredrevs: raise IndexError(rev) return super(changelog, self).linkrev(rev) def parentrevs(self, rev): """filtered version of revlog.parentrevs""" if rev in self.filteredrevs: raise IndexError(rev) return super(changelog, self).parentrevs(rev) def flags(self, rev): """filtered version of revlog.flags""" if rev in self.filteredrevs: raise IndexError(rev) return super(changelog, self).flags(rev) def delayupdate(self): "delay visibility of index updates to other readers" self._delayed = True self._divert = (len(self) == 0) self._delaybuf = [] self.opener = delayopener(self._realopener, self.indexfile, self._divert, self._delaybuf) def finalize(self, tr): "finalize index updates" self._delayed = False self.opener = self._realopener # move redirected index data back into place if self._divert: tmpname = self.indexfile + ".a" nfile = self.opener.open(tmpname) nfile.close() self.opener.rename(tmpname, self.indexfile) elif self._delaybuf: fp = self.opener(self.indexfile, 'a') fp.write("".join(self._delaybuf)) fp.close() self._delaybuf = [] # split when we're done self.checkinlinesize(tr) def readpending(self, file): r = revlog.revlog(self.opener, file) self.index = r.index self.nodemap = r.nodemap self._nodecache = r._nodecache self._chunkcache = r._chunkcache def writepending(self): "create a file containing the unfinalized state for pretxnchangegroup" if self._delaybuf: # make a temporary copy of the index fp1 = self._realopener(self.indexfile) fp2 = self._realopener(self.indexfile + ".a", "w") fp2.write(fp1.read()) # add pending data fp2.write("".join(self._delaybuf)) fp2.close() # switch modes so finalize can simply rename self._delaybuf = [] self._divert = True if self._divert: return True return False def checkinlinesize(self, tr, fp=None): if not self._delayed: revlog.revlog.checkinlinesize(self, tr, fp) def read(self, node): """ format used: nodeid\n : manifest node in ascii user\n : user, no \n or \r allowed time tz extra\n : date (time is int or float, timezone is int) : extra is metadata, encoded and separated by '\0' : older versions ignore it files\n\n : files modified by the cset, no \n or \r allowed (.*) : comment (free text, ideally utf-8) changelog v0 doesn't use extra """ text = self.revision(node) if not text: return (nullid, "", (0, 0), [], "", _defaultextra) last = text.index("\n\n") desc = encoding.tolocal(text[last + 2:]) l = text[:last].split('\n') manifest = bin(l[0]) user = encoding.tolocal(l[1]) tdata = l[2].split(' ', 2) if len(tdata) != 3: time = float(tdata[0]) try: # various tools did silly things with the time zone field. timezone = int(tdata[1]) except ValueError: timezone = 0 extra = _defaultextra else: time, timezone = float(tdata[0]), int(tdata[1]) extra = decodeextra(tdata[2]) files = l[3:] return (manifest, user, (time, timezone), files, desc, extra) def add(self, manifest, files, desc, transaction, p1, p2, user, date=None, extra=None): # Convert to UTF-8 encoded bytestrings as the very first # thing: calling any method on a localstr object will turn it # into a str object and the cached UTF-8 string is thus lost. user, desc = encoding.fromlocal(user), encoding.fromlocal(desc) user = user.strip() # An empty username or a username with a "\n" will make the # revision text contain two "\n\n" sequences -> corrupt # repository since read cannot unpack the revision. if not user: raise error.RevlogError(_("empty username")) if "\n" in user: raise error.RevlogError(_("username %s contains a newline") % repr(user)) desc = stripdesc(desc) if date: parseddate = "%d %d" % util.parsedate(date) else: parseddate = "%d %d" % util.makedate() if extra: branch = extra.get("branch") if branch in ("default", ""): del extra["branch"] elif branch in (".", "null", "tip"): raise error.RevlogError(_('the name \'%s\' is reserved') % branch) if extra: extra = encodeextra(extra) parseddate = "%s %s" % (parseddate, extra) l = [hex(manifest), user, parseddate] + sorted(files) + ["", desc] text = "\n".join(l) return self.addrevision(text, transaction, len(self), p1, p2) def branchinfo(self, rev): """return the branch name and open/close state of a revision This function exists because creating a changectx object just to access this is costly.""" extra = self.read(rev)[5] return encoding.tolocal(extra.get("branch")), 'close' in extra