# HG changeset patch
# User Matt Harbison <matt_harbison@yahoo.com>
# Date 1484712312 18000
# Node ID da5fa0f13a41969fb6bcba56ff934f7f2391faad
# Parent  9f264adbe75bfae8551dc0e6e0fce8d43fc7b43a
ui: introduce an experimental dict of exportable environment variables

Care needs to be taken to prevent leaking potentially sensitive environment
variables through hgweb, if template support for environment variables is to be
introduced.  There are a few ideas about the API for preventing accidental
leaking [1].  Option 3 seems best from the POV of not needing to configure
anything in the normal case.  I couldn't figure out how to do that, so guard it
with an experimental option for now.

[1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-January/092383.html

diff -r 9f264adbe75b -r da5fa0f13a41 mercurial/ui.py
--- a/mercurial/ui.py	Tue Jan 17 13:44:53 2017 +0800
+++ b/mercurial/ui.py	Tue Jan 17 23:05:12 2017 -0500
@@ -147,6 +147,15 @@
 
             self.httppasswordmgrdb = urlreq.httppasswordmgrwithdefaultrealm()
 
+        allowed = self.configlist('experimental', 'exportableenviron')
+        if '*' in allowed:
+            self._exportableenviron = self.environ
+        else:
+            self._exportableenviron = {}
+            for k in allowed:
+                if k in self.environ:
+                    self._exportableenviron[k] = self.environ[k]
+
     @classmethod
     def load(cls):
         """Create a ui and load global and user configs"""
@@ -1211,6 +1220,12 @@
                 " update your code.)") % version
         self.develwarn(msg, stacklevel=2, config='deprec-warn')
 
+    def exportableenviron(self):
+        """The environment variables that are safe to export, e.g. through
+        hgweb.
+        """
+        return self._exportableenviron
+
     @contextlib.contextmanager
     def configoverride(self, overrides, source=""):
         """Context manager for temporary config overrides