Mercurial > hg
annotate mercurial/changelog.py @ 1835:bdfb524d728a
Validate paths before reading or writing files in repository or working dir.
Fixes security relevant issue134.
| author | Thomas Arendsen Hein <thomas@intevation.de> |
|---|---|
| date | Sat, 04 Mar 2006 19:01:45 +0100 |
| parents | 9d2c2e6b32b5 |
| children | 11d12bd6e1dc 74d3f5336b66 |
| rev | line source |
|---|---|
| 1095 | 1 # changelog.py - changelog class for mercurial |
|
0
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
2 # |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
3 # Copyright 2005 Matt Mackall <mpm@selenic.com> |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
4 # |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
5 # This software may be used and distributed according to the terms |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
6 # of the GNU General Public License, incorporated herein by reference. |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
7 |
| 262 | 8 from revlog import * |
|
1400
cf9a1233738a
i18n first part: make '_' available for files who need it
Benoit Boissinot <benoit.boissinot@ens-lyon.org
parents:
1364
diff
changeset
|
9 from i18n import gettext as _ |
|
1321
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
10 from demandload import demandload |
|
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
11 demandload(globals(), "os time util") |
|
0
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
12 |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
13 class changelog(revlog): |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
14 def __init__(self, opener): |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
15 revlog.__init__(self, opener, "00changelog.i", "00changelog.d") |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
16 |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
17 def extract(self, text): |
| 37 | 18 if not text: |
|
1364
0f25830f6bc3
Fix data reported for the nullid changeset
Matt Mackall <mpm@selenic.com>
parents:
1327
diff
changeset
|
19 return (nullid, "", (0, 0), [], "") |
|
0
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
20 last = text.index("\n\n") |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
21 desc = text[last + 2:] |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
22 l = text[:last].splitlines() |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
23 manifest = bin(l[0]) |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
24 user = l[1] |
|
1321
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
25 date = l[2].split(' ') |
|
1327
085e3fc189b6
Some repos represent a date as a float.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1321
diff
changeset
|
26 time = float(date.pop(0)) |
|
1321
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
27 try: |
|
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
28 # various tools did silly things with the time zone field. |
|
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
29 timezone = int(date[0]) |
|
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
30 except: |
|
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
31 timezone = 0 |
|
0
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
32 files = l[3:] |
|
1321
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
33 return (manifest, user, (time, timezone), files, desc) |
|
0
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
34 |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
35 def read(self, node): |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
36 return self.extract(self.revision(node)) |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
37 |
| 203 | 38 def add(self, manifest, list, desc, transaction, p1=None, p2=None, |
| 39 user=None, date=None): | |
|
1195
f92af8d53330
Validate user input of dates when adding a changelog entry.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1095
diff
changeset
|
40 if date: |
|
1196
3738e85ead07
Make date/timezone validation in changelog.add more robust. Add test.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1195
diff
changeset
|
41 # validate explicit (probably user-specified) date and |
|
1197
8deb69818e4b
Date validation must check for 32-bit width. Don't use assert to check.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1196
diff
changeset
|
42 # time zone offset. values must fit in signed 32 bits for |
|
8deb69818e4b
Date validation must check for 32-bit width. Don't use assert to check.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1196
diff
changeset
|
43 # current 32-bit linux runtimes. |
|
1202
71111d796e40
Commit date validation: more stringent checks, more useful error messages.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1197
diff
changeset
|
44 try: |
|
71111d796e40
Commit date validation: more stringent checks, more useful error messages.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1197
diff
changeset
|
45 when, offset = map(int, date.split(' ')) |
|
71111d796e40
Commit date validation: more stringent checks, more useful error messages.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1197
diff
changeset
|
46 except ValueError: |
|
1402
9d2c2e6b32b5
i18n part2: use '_' for all strings who are part of the user interface
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1400
diff
changeset
|
47 raise ValueError(_('invalid date: %r') % date) |
|
1197
8deb69818e4b
Date validation must check for 32-bit width. Don't use assert to check.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1196
diff
changeset
|
48 if abs(when) > 0x7fffffff: |
|
1402
9d2c2e6b32b5
i18n part2: use '_' for all strings who are part of the user interface
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1400
diff
changeset
|
49 raise ValueError(_('date exceeds 32 bits: %d') % when) |
|
1197
8deb69818e4b
Date validation must check for 32-bit width. Don't use assert to check.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1196
diff
changeset
|
50 if abs(offset) >= 43200: |
|
1402
9d2c2e6b32b5
i18n part2: use '_' for all strings who are part of the user interface
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1400
diff
changeset
|
51 raise ValueError(_('impossible time zone offset: %d') % offset) |
|
1195
f92af8d53330
Validate user input of dates when adding a changelog entry.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1095
diff
changeset
|
52 else: |
|
1321
b47f96a178a3
Clean up date and timezone handling.
Bryan O'Sullivan <bos@serpentine.com>
parents:
1202
diff
changeset
|
53 date = "%d %d" % util.makedate() |
|
0
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
54 list.sort() |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
55 l = [hex(manifest), user, date] + list + ["", desc] |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
56 text = "\n".join(l) |
|
9117c6561b0b
Add back links from file revisions to changeset revisions
mpm@selenic.com
parents:
diff
changeset
|
57 return self.addrevision(text, transaction, self.count(), p1, p2) |