view CONTRIBUTING @ 31790:62f9679df1f2
hgweb: extract path traversal checking into standalone function
A common exploit in web applications that access paths is to insert
path separator strings like ".." to try to get the server to serve up
files it shouldn't.
We have code for detecting this in staticfile(). A subsequent commit
will need to perform this test as well. Since this is security code,
let's factor the check so we don't have to reinvent the wheel.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Fri, 31 Mar 2017 21:47:26 -0700 |
| parents | a492610a2fc1 |
| children | |
Our full contribution guidelines are in our wiki, please see:

https://www.mercurial-scm.org/wiki/ContributingChanges

If you just want a checklist to follow, you can go straight to

https://www.mercurial-scm.org/wiki/ContributingChanges#Submission_checklist

If you can't run the entire testsuite for some reason (it can be difficult on Windows), please at least run `contrib/check-code.py` on any files you've modified and run `python contrib/check-commit` on any commits you've made (for example, `python contrib/check-commit 273ce12ad8f1` will report some style violations on a very old commit).