Mercurial > hg
comparison mercurial/url.py @ 12049:e329c250b0ba stable
url: limit expansion to safe auth keys (Issue2328)
Mads Kiilerich pointed out that 7c9beccb0533 was too eager since the
prefix and password keys may contain $-signs. So this only add the
username to the list of keys that are expanded.
This also updates the documentation to match.
author | Martin Geisler <mg@aragost.com> |
---|---|
date | Fri, 13 Aug 2010 10:53:10 +0200 |
parents | 11035185b619 |
children | 5d22e631c365 ca5fd84d62c6 |
comparison
equal
deleted
inserted
replaced
12048:11035185b619 | 12049:e329c250b0ba |
---|---|
154 if '.' not in key: | 154 if '.' not in key: |
155 self.ui.warn(_("ignoring invalid [auth] key '%s'\n") % key) | 155 self.ui.warn(_("ignoring invalid [auth] key '%s'\n") % key) |
156 continue | 156 continue |
157 group, setting = key.split('.', 1) | 157 group, setting = key.split('.', 1) |
158 gdict = config.setdefault(group, dict()) | 158 gdict = config.setdefault(group, dict()) |
159 val = util.expandpath(val) | 159 if setting in ('username', 'cert', 'key'): |
160 val = util.expandpath(val) | |
160 gdict[setting] = val | 161 gdict[setting] = val |
161 | 162 |
162 # Find the best match | 163 # Find the best match |
163 scheme, hostpath = uri.split('://', 1) | 164 scheme, hostpath = uri.split('://', 1) |
164 bestlen = 0 | 165 bestlen = 0 |