Mercurial > hg

view hg @ 31790:62f9679df1f2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hgweb: extract path traversal checking into standalone function A common exploit in web applications that access paths is to insert path separator strings like ".." to try to get the server to serve up files it shouldn't. We have code for detecting this in staticfile(). A subsequent commit will need to perform this test as well. Since this is security code, let's factor the check so we don't have to reinvent the wheel.
author Gregory Szorc <gregory.szorc@gmail.com>
date Fri, 31 Mar 2017 21:47:26 -0700
parents 1f5052d35b30
children b4810bf95c03
line wrap: on
line source

#!/usr/bin/env python
#
# mercurial - scalable distributed SCM
#
# Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.

import os
import sys

if os.environ.get('HGUNICODEPEDANTRY', False):
    try:
        reload(sys)
        sys.setdefaultencoding("undefined")
    except NameError:
        pass

libdir = '@LIBDIR@'

if libdir != '@' 'LIBDIR' '@':
    if not os.path.isabs(libdir):
        libdir = os.path.join(os.path.dirname(os.path.realpath(__file__)),
                              libdir)
        libdir = os.path.abspath(libdir)
    sys.path.insert(0, libdir)

# enable importing on demand to reduce startup time
try:
    if sys.version_info[0] < 3:
        from mercurial import demandimport; demandimport.enable()
except ImportError:
    sys.stderr.write("abort: couldn't find mercurial libraries in [%s]\n" %
                     ' '.join(sys.path))
    sys.stderr.write("(check your install and PYTHONPATH)\n")
    sys.exit(-1)

import mercurial.util
import mercurial.dispatch

for fp in (sys.stdin, sys.stdout, sys.stderr):
    mercurial.util.setbinary(fp)

mercurial.dispatch.run()