Mercurial > hg
annotate hgeditor @ 36858:01f6bba64424
hgweb: remove support for POST form data (BC)
Previously, we called out to cgi.parse(), which for POST requests
parsed multipart/form-data and application/x-www-form-urlencoded
Content-Type requests for form data, combined it with query string
parameters, returned a union of the values.
As far as I know, nothing in Mercurial actually uses this mechanism
to submit data to the HTTP server. The wire protocol has its own
mechanism for passing parameters. And the web interface only does
GET requests. Removing support for parsing POST data doesn't break
any tests.
Another reason to not like this feature is that cgi.parse() may
modify the QUERY_STRING environment variable as a side-effect.
In addition, it merges both POST data and the query string into
one data structure. This prevents consumers from knowing whether
a variable came from the query string or POST data. That can matter
for some operations.
I suspect we use cgi.parse() because back when this code was
initially implemented, it was the function that was readily
available. In other words, I don't think there was conscious
choice to support POST data: we just got it because cgi.parse()
supported it.
Since nothing uses the feature and it is untested, let's remove
support for parsing POST form data. We can add it back in easily
enough if we need it in the future.
.. bc::
Hgweb no longer reads form data in POST requests from
multipart/form-data and application/x-www-form-urlencoded
requests. Arguments should be specified as URL path components
or in the query string in the URL instead.
Differential Revision: https://phab.mercurial-scm.org/D2774
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sat, 10 Mar 2018 11:07:53 -0800 |
parents | 1aee2ab0f902 |
children |
rev | line source |
---|---|
544
3d4d5f2aba9a
Remove bashisms and use /bin/sh instead of /bin/bash.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
484
diff
changeset
|
1 #!/bin/sh |
186 | 2 # |
1599
f93fde8f5027
remove the gpg stuff from hgeditor (superseded by the signing extension)
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1009
diff
changeset
|
3 # This is an example of using HGEDITOR to create of diff to review the |
26781
1aee2ab0f902
spelling: trivial spell checking
Mads Kiilerich <madski@unity3d.com>
parents:
11266
diff
changeset
|
4 # changes while committing. |
684
4ccf3de52989
Turn off signing with hgeditor by default
Matt Mackall <mpm@selenic.com>
parents:
683
diff
changeset
|
5 |
666
0100a43788ca
hgeditor: Remove EMAIL default for HGUSER, comment editor selection
Radoslaw "AstralStorm" Szkodzinski <astralstorm@gorzow.mm.pl>
parents:
665
diff
changeset
|
6 # If you want to pass your favourite editor some other parameters |
0100a43788ca
hgeditor: Remove EMAIL default for HGUSER, comment editor selection
Radoslaw "AstralStorm" Szkodzinski <astralstorm@gorzow.mm.pl>
parents:
665
diff
changeset
|
7 # only for Mercurial, modify this: |
796
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
8 case "${EDITOR}" in |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
9 "") |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
10 EDITOR="vi" |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
11 ;; |
348
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
12 emacs) |
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
13 EDITOR="$EDITOR -nw" |
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
14 ;; |
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
15 gvim|vim) |
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
16 EDITOR="$EDITOR -f -o" |
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
17 ;; |
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
18 esac |
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
19 |
796
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
20 |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
21 HGTMP="" |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
22 cleanup_exit() { |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
23 rm -rf "$HGTMP" |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
24 } |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
25 |
754
3e73bf876f17
Fixes and cleanups to hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
684
diff
changeset
|
26 # Remove temporary files even if we get interrupted |
831
232d0616a80a
Cleaned up trap handling:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
814
diff
changeset
|
27 trap "cleanup_exit" 0 # normal exit |
11190
43337076ba92
Fixed a bashism with trap numbers in hgeditor.
Javi Merino <cibervicho@gmail.com>
parents:
4687
diff
changeset
|
28 trap "exit 255" HUP INT QUIT ABRT TERM |
796
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
29 |
11266
2b440bb8a66b
Fixed a bashism with the use of $RANDOM in hgeditor.
Javi Merino <cibervicho@gmail.com>
parents:
11190
diff
changeset
|
30 HGTMP=$(mktemp -d ${TMPDIR-/tmp}/hgeditor.XXXXXX) |
2b440bb8a66b
Fixed a bashism with the use of $RANDOM in hgeditor.
Javi Merino <cibervicho@gmail.com>
parents:
11190
diff
changeset
|
31 [ x$HGTMP != x -a -d $HGTMP ] || { |
2b440bb8a66b
Fixed a bashism with the use of $RANDOM in hgeditor.
Javi Merino <cibervicho@gmail.com>
parents:
11190
diff
changeset
|
32 echo "Could not create temporary directory! Exiting." 1>&2 |
2b440bb8a66b
Fixed a bashism with the use of $RANDOM in hgeditor.
Javi Merino <cibervicho@gmail.com>
parents:
11190
diff
changeset
|
33 exit 1 |
796
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
34 } |
33a272b79e54
Replaced mktemp and usage of ${par:=word}.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
769
diff
changeset
|
35 |
754
3e73bf876f17
Fixes and cleanups to hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
684
diff
changeset
|
36 ( |
3e73bf876f17
Fixes and cleanups to hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
684
diff
changeset
|
37 grep '^HG: changed' "$1" | cut -b 13- | while read changed; do |
4687
b5bbfa18daf7
hgeditor: Use $HG to run 'hg diff' (see 849f011dbf79)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4659
diff
changeset
|
38 "$HG" diff "$changed" >> "$HGTMP/diff" |
754
3e73bf876f17
Fixes and cleanups to hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
684
diff
changeset
|
39 done |
3e73bf876f17
Fixes and cleanups to hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
684
diff
changeset
|
40 ) |
348
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
41 |
1599
f93fde8f5027
remove the gpg stuff from hgeditor (superseded by the signing extension)
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1009
diff
changeset
|
42 cat "$1" > "$HGTMP/msg" |
684
4ccf3de52989
Turn off signing with hgeditor by default
Matt Mackall <mpm@selenic.com>
parents:
683
diff
changeset
|
43 |
3025
d9b8d28c0b94
Find the system's MD5 binary.
Will Maier <willmaier@ml1.net>
parents:
1706
diff
changeset
|
44 MD5=$(which md5sum 2>/dev/null) || \ |
4659
7a7d4937272b
Kill trailing spaces
Thomas Arendsen Hein <thomas@intevation.de>
parents:
3025
diff
changeset
|
45 MD5=$(which md5 2>/dev/null) |
3025
d9b8d28c0b94
Find the system's MD5 binary.
Will Maier <willmaier@ml1.net>
parents:
1706
diff
changeset
|
46 [ -x "${MD5}" ] && CHECKSUM=`${MD5} "$HGTMP/msg"` |
1009
1bc619b12025
Don't show the diff in hgeditor if there are no changes in file contents.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
839
diff
changeset
|
47 if [ -s "$HGTMP/diff" ]; then |
1bc619b12025
Don't show the diff in hgeditor if there are no changes in file contents.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
839
diff
changeset
|
48 $EDITOR "$HGTMP/msg" "$HGTMP/diff" || exit $? |
1bc619b12025
Don't show the diff in hgeditor if there are no changes in file contents.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
839
diff
changeset
|
49 else |
1bc619b12025
Don't show the diff in hgeditor if there are no changes in file contents.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
839
diff
changeset
|
50 $EDITOR "$HGTMP/msg" || exit $? |
1bc619b12025
Don't show the diff in hgeditor if there are no changes in file contents.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
839
diff
changeset
|
51 fi |
3025
d9b8d28c0b94
Find the system's MD5 binary.
Will Maier <willmaier@ml1.net>
parents:
1706
diff
changeset
|
52 [ -x "${MD5}" ] && (echo "$CHECKSUM" | ${MD5} -c >/dev/null 2>&1 && exit 13) |
754
3e73bf876f17
Fixes and cleanups to hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
684
diff
changeset
|
53 |
1599
f93fde8f5027
remove the gpg stuff from hgeditor (superseded by the signing extension)
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1009
diff
changeset
|
54 mv "$HGTMP/msg" "$1" |
348
442eb02cf870
Improved hgeditor:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
280
diff
changeset
|
55 |
831
232d0616a80a
Cleaned up trap handling:
Thomas Arendsen Hein <thomas@intevation.de>
parents:
814
diff
changeset
|
56 exit $? |