Mercurial > hg
view contrib/debian/control @ 36858:01f6bba64424
hgweb: remove support for POST form data (BC)
Previously, we called out to cgi.parse(), which for POST requests
parsed multipart/form-data and application/x-www-form-urlencoded
Content-Type requests for form data, combined it with query string
parameters, returned a union of the values.
As far as I know, nothing in Mercurial actually uses this mechanism
to submit data to the HTTP server. The wire protocol has its own
mechanism for passing parameters. And the web interface only does
GET requests. Removing support for parsing POST data doesn't break
any tests.
Another reason to not like this feature is that cgi.parse() may
modify the QUERY_STRING environment variable as a side-effect.
In addition, it merges both POST data and the query string into
one data structure. This prevents consumers from knowing whether
a variable came from the query string or POST data. That can matter
for some operations.
I suspect we use cgi.parse() because back when this code was
initially implemented, it was the function that was readily
available. In other words, I don't think there was conscious
choice to support POST data: we just got it because cgi.parse()
supported it.
Since nothing uses the feature and it is untested, let's remove
support for parsing POST form data. We can add it back in easily
enough if we need it in the future.
.. bc::
Hgweb no longer reads form data in POST requests from
multipart/form-data and application/x-www-form-urlencoded
requests. Arguments should be specified as URL path components
or in the query string in the URL instead.
Differential Revision: https://phab.mercurial-scm.org/D2774
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sat, 10 Mar 2018 11:07:53 -0800 |
| parents | 9929af2b09b4 |
| children |
line wrap: on
line source
Source: mercurial Section: vcs Priority: optional Maintainer: Mercurial Developers <mercurial-devel@mercurial-scm.org> Build-Depends: debhelper (>= 9), dh-python, less, netbase, python-all, python-all-dev, python-docutils, unzip, zip Standards-Version: 3.9.4 X-Python-Version: >= 2.7 Package: mercurial Depends: python, ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, mercurial-common (= ${source:Version}) Architecture: any Description: fast, easy to use, distributed revision control tool. Mercurial is a fast, lightweight Source Control Management system designed for efficient handling of very large distributed projects. . Its features include: * O(1) delta-compressed file storage and retrieval scheme * Complete cross-indexing of files and changesets for efficient exploration of project history * Robust SHA1-based integrity checking and append-only storage model * Decentralized development model with arbitrary merging between trees * Easy-to-use command-line interface * Integrated stand-alone web interface * Small Python codebase Package: mercurial-common Architecture: all Depends: ${misc:Depends}, ${python:Depends}, Recommends: mercurial (= ${source:Version}), ca-certificates Suggests: wish Breaks: mercurial (<< ${source:Version}) Replaces: mercurial (<< 2.6.3) Description: easy-to-use, scalable distributed version control system (common files) Mercurial is a fast, lightweight Source Control Management system designed for efficient handling of very large distributed projects. . This package contains the architecture independent components of Mercurial, and is generally useless without the mercurial package.