365 # restrict to exactly that set of arguments, and prohibit |
365 # restrict to exactly that set of arguments, and prohibit |
366 # any repo name that starts with '--' to prevent |
366 # any repo name that starts with '--' to prevent |
367 # shenanigans wherein a user does something like pass |
367 # shenanigans wherein a user does something like pass |
368 # --debugger or --config=ui.debugger=1 as a repo |
368 # --debugger or --config=ui.debugger=1 as a repo |
369 # name. This used to actually run the debugger. |
369 # name. This used to actually run the debugger. |
|
370 nbargs = 4 |
|
371 hashiddenaccess = b'--hidden' in cmdargs |
|
372 if hashiddenaccess: |
|
373 nbargs += 1 |
370 if ( |
374 if ( |
371 len(req.args) != 4 |
375 len(req.args) != nbargs |
372 or req.args[0] != b'-R' |
376 or req.args[0] != b'-R' |
373 or req.args[1].startswith(b'--') |
377 or req.args[1].startswith(b'--') |
374 or req.args[2] != b'serve' |
378 or req.args[2] != b'serve' |
375 or req.args[3] != b'--stdio' |
379 or req.args[3] != b'--stdio' |
|
380 or hashiddenaccess |
|
381 and req.args[4] != b'--hidden' |
376 ): |
382 ): |
377 raise error.Abort( |
383 raise error.Abort( |
378 _(b'potentially unsafe serve --stdio invocation: %s') |
384 _(b'potentially unsafe serve --stdio invocation: %s') |
379 % (stringutil.pprint(req.args),) |
385 % (stringutil.pprint(req.args),) |
380 ) |
386 ) |