# HG changeset patch # User Matt Mackall # Date 1385409036 21600 # Node ID 224e960787084f4648dd20906ba43c141f9f827e # Parent b3483223f73475054dd2ced4fccef0d44bdf7bb5 subrepo: sanitize non-hg subrepos diff -r b3483223f734 -r 224e96078708 mercurial/subrepo.py --- a/mercurial/subrepo.py Mon Nov 25 13:46:46 2013 -0600 +++ b/mercurial/subrepo.py Mon Nov 25 13:50:36 2013 -0600 @@ -312,6 +312,18 @@ if abort: raise util.Abort(_("default path for subrepository not found")) +def _sanitize(ui, path): + def v(arg, dirname, names): + if os.path.basename(dirname).lower() != '.hg': + return + for f in names: + if f.lower() == 'hgrc': + ui.warn( + _("warning: removing potentially hostile .hg/hgrc in '%s'" + % path)) + os.unlink(os.path.join(dirname, f)) + os.walk(path, v, None) + def itersubrepos(ctx1, ctx2): """find subrepos in ctx1 or ctx2""" # Create a (subpath, ctx) mapping where we prefer subpaths from @@ -988,6 +1000,7 @@ # update to a directory which has since been deleted and recreated. args.append('%s@%s' % (state[0], state[1])) status, err = self._svncommand(args, failok=True) + _sanitize(self._ui, self._path) if not re.search('Checked out revision [0-9]+.', status): if ('is already a working copy for a different URL' in err and (self._wcchanged()[:2] == (False, False))): @@ -1248,6 +1261,7 @@ self._gitcommand(['reset', 'HEAD']) cmd.append('-f') self._gitcommand(cmd + args) + _sanitize(self._ui, self._path) def rawcheckout(): # no branch to checkout, check it out with no branch @@ -1331,6 +1345,7 @@ self.get(state) # fast forward merge elif base != self._state[1]: self._gitcommand(['merge', '--no-commit', revision]) + _sanitize(self._ui, self._path) if self.dirty(): if self._gitstate() != revision: