changeset 6791:bbd89c9e6012

Check that git patches only touch files under root
author Brendan Cully <brendan@kublai.com>
date Wed, 25 Jun 2008 14:13:20 -0700
parents 24b2e213d84b
children b2c4be19d7b1 71e339714586
files mercurial/patch.py tests/test-import tests/test-import.out
diffstat 3 files changed, 19 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/patch.py	Tue Jul 01 23:41:47 2008 +0100
+++ b/mercurial/patch.py	Wed Jun 25 14:13:20 2008 -0700
@@ -1039,9 +1039,12 @@
                 continue
         elif state == 'git':
             gitpatches = values
+            cwd = os.getcwd()
             for gp in gitpatches:
                 if gp.op in ('COPY', 'RENAME'):
-                    copyfile(gp.oldpath, gp.path)
+                    src, dst = [util.canonpath(cwd, cwd, x)
+                                for x in [gp.oldpath, gp.path]]
+                    copyfile(src, dst)
                 changed[gp.path] = (gp.op, gp)
         else:
             raise util.Abort(_('unsupported parser state: %s') % state)
--- a/tests/test-import	Tue Jul 01 23:41:47 2008 +0100
+++ b/tests/test-import	Wed Jun 25 14:13:20 2008 -0700
@@ -261,3 +261,15 @@
 hg status
 cat a
 cd ..
+
+echo % 'test paths outside repo root'
+mkdir outside
+touch outside/foo
+hg init inside
+cd inside
+hg import - <<EOF
+diff --git a/a b/b
+rename from ../outside/foo
+rename to bar
+EOF
+cd ..
--- a/tests/test-import.out	Tue Jul 01 23:41:47 2008 +0100
+++ b/tests/test-import.out	Wed Jun 25 14:13:20 2008 -0700
@@ -260,3 +260,6 @@
 adding a
 applying patch from stdin
 bb
+% test paths outside repo root
+applying patch from stdin
+abort: ../outside/foo not under root