Mercurial > hg
diff contrib/undumprevlog @ 30850:41e31a6f5296 stable
revset: prevent using outgoing() and remote() in hgweb session (BC)
outgoing() and remote() may stall for long due to network I/O, which seems
unsafe per definition, "whether a predicate is safe for DoS attack." But I'm
not 100% sure about this. If our concern isn't elapsed time but CPU resource,
these predicates are considered safe. Perhaps that would be up to the
web/application server configuration?
Anyway, outgoing() and remote() wouldn't be useful in hgweb, so I think
it's okay to ban them.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Fri, 20 Jan 2017 21:33:18 +0900 |
parents | 4f76c0c490b3 |
children | 21fa3d3688f3 |