--- a/mercurial/hg.py Tue Nov 22 17:26:32 2011 -0600
+++ b/mercurial/hg.py Tue Nov 22 12:06:42 2011 -0600
@@ -356,10 +356,13 @@
if destrepo.local():
fp = destrepo.opener("hgrc", "w", text=True)
fp.write("[paths]\n")
- fp.write("default = %s\n" % abspath)
+ u = util.url(abspath)
+ u.passwd = None
+ defaulturl = str(u)
+ fp.write("default = %s\n" % defaulturl)
fp.close()
- destrepo.ui.setconfig('paths', 'default', abspath)
+ destrepo.ui.setconfig('paths', 'default', defaulturl)
if update:
if update is not True:
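Review bot: `util.url(abspath)` followed by `str(u)` now runs for every clone source, including plain local paths, so the value written to `default` and passed to `setconfig` is the re-serialised URL rather than `abspath` itself. Whether that round trip is exact for local paths is not visible in this hunk, so it should be confirmed, or the rewrite limited to the case where `u.passwd` is actually set. The new lines would also benefit from a comment stating the intent, for example `# never persist the password to .hg/hgrc; the user name is kept`. The enclosing function starts and ends outside this hunk.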
--- a/tests/test-pull-http.t Tue Nov 22 17:26:32 2011 -0600
+++ b/tests/test-pull-http.t Tue Nov 22 12:06:42 2011 -0600
@@ -12,13 +12,30 @@
$ echo a >> a
$ hg ci -mb
+Cloning with a password in the URL should not save the password in .hg/hgrc:
+
+ $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
+ $ cat hg.pid >> $DAEMON_PIDS
+ $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3
+ requesting all changes
+ adding changesets
+ adding manifests
+ adding file changes
+ added 2 changesets with 2 changes to 1 files
+ updating to branch default
+ 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
+ $ cat test3/.hg/hgrc
+ [paths]
+ default = http://foo@localhost:$HGPORT/
+ $ "$TESTDIR/killdaemons.py"
+
expect error, cloning not allowed
$ echo '[web]' > .hg/hgrc
$ echo 'allowpull = false' >> .hg/hgrc
$ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
$ cat hg.pid >> $DAEMON_PIDS
- $ hg clone http://localhost:$HGPORT/ test3
+ $ hg clone http://localhost:$HGPORT/ test4
requesting all changes
abort: authorization failed
[255]
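Review bot: The new test pins only the `default` line of `test3/.hg/hgrc`, so it would not notice the password being persisted anywhere else under the clone's `.hg` directory. A recursive search for the literal, `$ grep -r xyzzy test3/.hg` with the expected exit status `[1]`, placed after the `cat test3/.hg/hgrc` step, would cover that. The server in this step is started without any authentication requirement, so the test shows that the credential is dropped from the stored path but not that a clone which actually needs the password still succeeds.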
--- a/tests/test-pull.t Tue Nov 22 17:26:32 2011 -0600
+++ b/tests/test-pull.t Tue Nov 22 12:06:42 2011 -0600
@@ -43,7 +43,7 @@
2ed2a3912a0b24502043eae84ee4b279c18b90dd 644 foo
$ hg pull
- pulling from http://foo:***@localhost:$HGPORT/
+ pulling from http://foo@localhost:$HGPORT/
searching for changes
no changes found