Mercurial Mercurial > hg / changelog
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | zip | gz | bz2 | help
(0) -30000 -10000 -3000 -1000 -300 -100 -30 -10 -1 +1 +10 +30 +100 +300 +1000 +3000 +10000 tip
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fri, 20 Jan 2017 21:33:18 +0900 revset: prevent using outgoing() and remote() in hgweb session (BC) stable
changeset
Yuya Nishihara <yuya@tcha.org> [Fri, 20 Jan 2017 21:33:18 +0900] rev 30850
revset: prevent using outgoing() and remote() in hgweb session (BC) outgoing() and remote() may stall for long due to network I/O, which seems unsafe per definition, "whether a predicate is safe for DoS attack." But I'm not 100% sure about this. If our concern isn't elapsed time but CPU resource, these predicates are considered safe. Perhaps that would be up to the web/application server configuration? Anyway, outgoing() and remote() wouldn't be useful in hgweb, so I think it's okay to ban them.
(0) -30000 -10000 -3000 -1000 -300 -100 -30 -10 -1 +1 +10 +30 +100 +300 +1000 +3000 +10000 tip
Mercurial