Mercurial > hg
annotate hgweb.cgi @ 29452:26a5d605b868 stable 3.8.4
sslutil: synchronize hostname matching logic with CPython
sslutil contains its own hostname matching logic. CPython has code
for the same intent. However, it is only available to Python 2.7.9+
(or distributions that have backported 2.7.9's ssl module
improvements).
This patch effectively imports CPython's hostname matching code
from its ssl.py into sslutil.py. The hostname matching code itself
is pretty similar. However, the DNS name matching code is much more
robust and spec conformant.
As the test changes show, this changes some behavior around
wildcard handling and IDNA matching. The new behavior allows
wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com')
This is spec compliant according to RFC 6125 Section 6.5.3 item 3.
There is one test where the matcher is more strict. Before,
'*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking
this is a security vulnerability.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 26 Jun 2016 19:34:48 -0700 |
parents | 4b0fc75f9403 |
children | 47ef023d0165 |
rev | line source |
---|---|
202 | 1 #!/usr/bin/env python |
159 | 2 # |
11000
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
3 # An example hgweb CGI script, edit as necessary |
26421
4b0fc75f9403
urls: bulk-change primary website URLs
Matt Mackall <mpm@selenic.com>
parents:
15475
diff
changeset
|
4 # See also https://mercurial-scm.org/wiki/PublishingRepositories |
159 | 5 |
11000
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
6 # Path to repo or hgweb config to serve (see 'hg help hgweb') |
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
7 config = "/path/to/repo/or/config" |
5244
79279b5583c6
cgi: sys.path.insert should be before importing mercurial
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
5197
diff
changeset
|
8 |
15475
85cba926cb59
hgweb: add hint about finding library path with debuginstall
Matt Mackall <mpm@selenic.com>
parents:
11503
diff
changeset
|
9 # Uncomment and adjust if Mercurial is not installed system-wide |
85cba926cb59
hgweb: add hint about finding library path with debuginstall
Matt Mackall <mpm@selenic.com>
parents:
11503
diff
changeset
|
10 # (consult "installed modules" path from 'hg debuginstall'): |
11000
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
11 #import sys; sys.path.insert(0, "/path/to/python/lib") |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
3868
diff
changeset
|
12 |
6080
4baad19c4801
hgweb: disable cgitb by default
Maxim Dounin <mdounin@mdounin.ru>
parents:
5995
diff
changeset
|
13 # Uncomment to send python tracebacks to the browser if an error occurs: |
11000
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
14 #import cgitb; cgitb.enable() |
391
5f65a108a559
hgweb: pull cgitb into CGI script example, where it can easily be disabled
mpm@selenic.com
parents:
202
diff
changeset
|
15 |
11000
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
16 from mercurial import demandimport; demandimport.enable() |
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
17 from mercurial.hgweb import hgweb, wsgicgi |
338167735124
hgweb: simplify hgweb.cgi, add help pointer
Matt Mackall <mpm@selenic.com>
parents:
6142
diff
changeset
|
18 application = hgweb(config) |
6141
90e5c82a3859
Backed out changeset b913d3aacddc (see issue971/msg5317)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5995
diff
changeset
|
19 wsgicgi.launch(application) |