Mercurial > hg
diff COPYING @ 34984:071cbeba4212 stable
subrepo: disallow symlink traversal across subrepo mount point (SEC)
It wasn't easy to extend the pathauditor to check symlink traversal across
subrepos because pathauditor._checkfs() rejects a directory having ".hg"
directory. That's why I added the explicit islink() check.
No idea if this patch is necessary after we've fixed the issue5730 by
splitting submerge() into planning and execution phases.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Fri, 03 Nov 2017 20:12:50 +0900 |
parents | 8c8b55733cbd |
children |