Mercurial > hg
comparison mercurial/url.py @ 12049:e329c250b0ba stable
url: limit expansion to safe auth keys (Issue2328)
Mads Kiilerich pointed out that 7c9beccb0533 was too eager since the
prefix and password keys may contain $-signs. So this only add the
username to the list of keys that are expanded.
This also updates the documentation to match.
| author | Martin Geisler <mg@aragost.com> |
|---|---|
| date | Fri, 13 Aug 2010 10:53:10 +0200 |
| parents | 11035185b619 |
| children | 5d22e631c365 ca5fd84d62c6 |
comparison
equal
deleted
inserted
replaced
| 12048:11035185b619 | 12049:e329c250b0ba |
|---|---|
| 154 if '.' not in key: | 154 if '.' not in key: |
| 155 self.ui.warn(_("ignoring invalid [auth] key '%s'\n") % key) | 155 self.ui.warn(_("ignoring invalid [auth] key '%s'\n") % key) |
| 156 continue | 156 continue |
| 157 group, setting = key.split('.', 1) | 157 group, setting = key.split('.', 1) |
| 158 gdict = config.setdefault(group, dict()) | 158 gdict = config.setdefault(group, dict()) |
| 159 val = util.expandpath(val) | 159 if setting in ('username', 'cert', 'key'): |
| 160 val = util.expandpath(val) | |
| 160 gdict[setting] = val | 161 gdict[setting] = val |
| 161 | 162 |
| 162 # Find the best match | 163 # Find the best match |
| 163 scheme, hostpath = uri.split('://', 1) | 164 scheme, hostpath = uri.split('://', 1) |
| 164 bestlen = 0 | 165 bestlen = 0 |