Alexis S. L. Carvalho <alexis@cecm.usp.br> [Thu, 26 Oct 2006 19:25:45 +0200] rev 3555
use untrusted settings in hgweb
The only exceptions are web.static and web.templates, since they can
be used to get any file that is readable by the user running the CGI
script.
Other options can be (ab)used to increase the use of the cpu
(allow_bz2) or of the bandwidth (server.uncompressed), but they're
trusted anyway.
Alexis S. L. Carvalho <alexis@cecm.usp.br> [Thu, 26 Oct 2006 19:25:45 +0200] rev 3554
add untrusted argument to patch.diffopts
Alexis S. L. Carvalho <alexis@cecm.usp.br> [Thu, 26 Oct 2006 19:25:45 +0200] rev 3553
add --untrusted to showconfig
Alexis S. L. Carvalho <alexis@cecm.usp.br> [Thu, 26 Oct 2006 19:25:45 +0200] rev 3552
save settings from untrusted config files in a separate configparser
This untrusted configparser is a superset of the trusted configparser,
so that interpolation still works.
Also add an "untrusted" argument to ui.config* to allow querying
ui.ucdata.
With --debug, we print a warning when we read an untrusted config
file, and when we try to access a trusted setting that has one value
in the trusted configparser and another in the untrusted configparser.
Alexis S. L. Carvalho <alexis@cecm.usp.br> [Thu, 26 Oct 2006 19:25:44 +0200] rev 3551
Only read .hg/hgrc files from trusted users/groups
The list of trusted users and groups is specified in the [trusted]
section of a hgrc; the current user is always trusted; "*" can be
used to trust all users/groups.
Global hgrc files are always read.
On Windows (and other systems that don't have the pwd and grp modules),
all .hg/hgrc files are read.
This is essentially the same patch that was previously applied as
revision 494521a3f142.
Brendan Cully <brendan@kublai.com> [Thu, 26 Oct 2006 10:06:12 -0700] rev 3550
zsh: add revrange completion
Brendan Cully <brendan@kublai.com> [Thu, 26 Oct 2006 09:46:08 -0700] rev 3549
zsh: add qbase and qtip to qapplied completions
Brendan Cully <brendan@kublai.com> [Thu, 26 Oct 2006 09:44:03 -0700] rev 3548
zsh: use standard tags where possible
Brendan Cully <brendan@kublai.com> [Thu, 26 Oct 2006 09:40:20 -0700] rev 3547
mq: support qimport -
Christian Ebert <blacktrash@gmx.net> [Wed, 25 Oct 2006 20:59:50 +0200] rev 3546
hgcommand.vim: doc install delete into "black hole", g: prefix global vars.