Mercurial > hg
comparison mercurial/hgweb/hgweb_mod.py @ 5963:5be210afe1b8
hgweb: explicitly check if requested command exists
| author | Dirkjan Ochtman <dirkjan@ochtman.nl> |
|---|---|
| date | Mon, 28 Jan 2008 14:58:03 +0100 |
| parents | 0011316fbe0e |
| children | 1cd1582ef25f |
comparison
equal
deleted
inserted
replaced
| 5962:0011316fbe0e | 5963:5be210afe1b8 |
|---|---|
| 200 # actually process the request | 200 # actually process the request |
| 201 | 201 |
| 202 try: | 202 try: |
| 203 | 203 |
| 204 cmd = req.form.get('cmd', [''])[0] | 204 cmd = req.form.get('cmd', [''])[0] |
| 205 if hasattr(protocol, cmd): | 205 if cmd in protocol.__all__: |
| 206 method = getattr(protocol, cmd) | 206 method = getattr(protocol, cmd) |
| 207 method(self, req) | 207 method(self, req) |
| 208 else: | 208 else: |
| 209 | |
| 210 tmpl = self.templater(req) | 209 tmpl = self.templater(req) |
| 211 if cmd == '': | 210 if cmd == '': |
| 212 req.form['cmd'] = [tmpl.cache['default']] | 211 req.form['cmd'] = [tmpl.cache['default']] |
| 213 cmd = req.form['cmd'][0] | 212 cmd = req.form['cmd'][0] |
| 214 | 213 |
| 215 if cmd == 'file' and 'raw' in req.form.get('style', []): | 214 if cmd not in webcommands.__all__: |
| 215 raise ErrorResponse(400, 'No such method: ' + cmd) | |
| 216 elif cmd == 'file' and 'raw' in req.form.get('style', []): | |
| 216 webcommands.rawfile(self, req, tmpl) | 217 webcommands.rawfile(self, req, tmpl) |
| 217 else: | 218 else: |
| 218 getattr(webcommands, cmd)(self, req, tmpl) | 219 getattr(webcommands, cmd)(self, req, tmpl) |
| 219 | 220 |
| 220 del tmpl | 221 del tmpl |
| 225 except (hg.RepoError, revlog.RevlogError), inst: | 226 except (hg.RepoError, revlog.RevlogError), inst: |
| 226 req.respond('500 Internal Server Error', | 227 req.respond('500 Internal Server Error', |
| 227 tmpl('error', error=str(inst))) | 228 tmpl('error', error=str(inst))) |
| 228 except ErrorResponse, inst: | 229 except ErrorResponse, inst: |
| 229 req.respond(inst.code, tmpl('error', error=inst.message)) | 230 req.respond(inst.code, tmpl('error', error=inst.message)) |
| 230 except AttributeError: | |
| 231 req.respond(400, tmpl('error', error='No such method: ' + cmd)) | |
| 232 | 231 |
| 233 def templater(self, req): | 232 def templater(self, req): |
| 234 | 233 |
| 235 # determine scheme, port and server name | 234 # determine scheme, port and server name |
| 236 # this is needed to create absolute urls | 235 # this is needed to create absolute urls |