Mercurial > hg
view README @ 31790:62f9679df1f2
hgweb: extract path traversal checking into standalone function
A common exploit in web applications that access paths is to insert
path separator strings like ".." to try to get the server to serve up
files it shouldn't.
We have code for detecting this in staticfile(). A subsequent commit
will need to perform this test as well. Since this is security code,
let's factor the check so we don't have to reinvent the wheel.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Fri, 31 Mar 2017 21:47:26 -0700 |
parents | 4b0fc75f9403 |
children | 76b171209151 |
line wrap: on
line source
Mercurial ========= Mercurial is a fast, easy to use, distributed revision control tool for software developers. Basic install: $ make # see install targets $ make install # do a system-wide install $ hg debuginstall # sanity-check setup $ hg # see help Running without installing: $ make local # build for inplace usage $ ./hg --version # should show the latest version See https://mercurial-scm.org/ for detailed installation instructions, platform-specific notes, and Mercurial user information.