subrepo: reject potentially unsafe subrepo paths (BC) (SEC)
In addition to the previous patch, this prohibits '~', '$nonexistent', etc.
for any subrepo types. I think this is safer, and real-world subrepos wouldn't
use such (local) paths.
# Apache won't be able to resolve its own hostname, so we sneak this
# into the global context to silence a confusing-to-user warning on
# server start.
ServerName hg
<VirtualHost *:80>
DocumentRoot /var/hg/htdocs
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
SetEnv HGENCODING UTF-8
SetEnv LC_TYPE UTF-8
WSGIDaemonProcess hg processes=${WSGI_PROCESSES} threads=${WSGI_THREADS} maximum-requests=${WSGI_MAX_REQUESTS} user=www-data group=www-data display-name=hg-wsgi
WSGIProcessGroup hg
WSGIScriptAliasMatch ^(.*) /var/hg/htdocs/hgweb.wsgi$1
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>