Mercurial > hg
comparison mercurial/hgweb/hgweb_mod.py @ 26138:f77a3f27cea5
merge with stable
| author | Matt Mackall <mpm@selenic.com> |
|---|---|
| date | Tue, 01 Sep 2015 17:09:00 -0500 |
| parents | 6defc74f3066 1a45e49a6bed |
| children | fd9b1262f0e4 |
comparison
equal
deleted
inserted
replaced
| 26137:99e8a9ff1f5f | 26138:f77a3f27cea5 |
|---|---|
| 157 self.repo = r | 157 self.repo = r |
| 158 hook.redirect(True) | 158 hook.redirect(True) |
| 159 self.repostate = ((-1, -1), (-1, -1)) | 159 self.repostate = ((-1, -1), (-1, -1)) |
| 160 self.mtime = -1 | 160 self.mtime = -1 |
| 161 self.reponame = name | 161 self.reponame = name |
| 162 # a repo owner may set web.templates in .hg/hgrc to get any file | 162 # we use untrusted=False to prevent a repo owner from using |
| 163 # readable by the user running the CGI script | 163 # web.templates in .hg/hgrc to get access to any file readable |
| 164 self.templatepath = self.config('web', 'templates') | 164 # by the user running the CGI script |
| 165 self.templatepath = self.config('web', 'templates', untrusted=False) | |
| 165 self.websubtable = self.loadwebsub() | 166 self.websubtable = self.loadwebsub() |
| 166 | 167 |
| 167 # The CGI scripts are often run by a user different from the repo owner. | 168 # The CGI scripts are often run by a user different from the repo owner. |
| 168 # Trust the settings from the .hg/hgrc files by default. | 169 # Trust the settings from the .hg/hgrc files by default. |
| 169 def config(self, section, name, default=None, untrusted=True): | 170 def config(self, section, name, default=None, untrusted=True): |