Mercurial > hg
changeset 15552:62c9183a0bbb stable
clone: don't save user's password in .hg/hgrc (Issue3122)
author | Augie Fackler <durin42@gmail.com> |
---|---|
date | Tue, 22 Nov 2011 12:06:42 -0600 |
parents | 1fa41d1f1351 |
children | e89385e4ef8d |
files | mercurial/hg.py tests/test-pull-http.t tests/test-pull.t |
diffstat | 3 files changed, 24 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/hg.py Tue Nov 22 17:26:32 2011 -0600 +++ b/mercurial/hg.py Tue Nov 22 12:06:42 2011 -0600 @@ -356,10 +356,13 @@ if destrepo.local(): fp = destrepo.opener("hgrc", "w", text=True) fp.write("[paths]\n") - fp.write("default = %s\n" % abspath) + u = util.url(abspath) + u.passwd = None + defaulturl = str(u) + fp.write("default = %s\n" % defaulturl) fp.close() - destrepo.ui.setconfig('paths', 'default', abspath) + destrepo.ui.setconfig('paths', 'default', defaulturl) if update: if update is not True:
--- a/tests/test-pull-http.t Tue Nov 22 17:26:32 2011 -0600 +++ b/tests/test-pull-http.t Tue Nov 22 12:06:42 2011 -0600 @@ -12,13 +12,30 @@ $ echo a >> a $ hg ci -mb +Cloning with a password in the URL should not save the password in .hg/hgrc: + + $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log + $ cat hg.pid >> $DAEMON_PIDS + $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3 + requesting all changes + adding changesets + adding manifests + adding file changes + added 2 changesets with 2 changes to 1 files + updating to branch default + 1 files updated, 0 files merged, 0 files removed, 0 files unresolved + $ cat test3/.hg/hgrc + [paths] + default = http://foo@localhost:$HGPORT/ + $ "$TESTDIR/killdaemons.py" + expect error, cloning not allowed $ echo '[web]' > .hg/hgrc $ echo 'allowpull = false' >> .hg/hgrc $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log $ cat hg.pid >> $DAEMON_PIDS - $ hg clone http://localhost:$HGPORT/ test3 + $ hg clone http://localhost:$HGPORT/ test4 requesting all changes abort: authorization failed [255]
--- a/tests/test-pull.t Tue Nov 22 17:26:32 2011 -0600 +++ b/tests/test-pull.t Tue Nov 22 12:06:42 2011 -0600 @@ -43,7 +43,7 @@ 2ed2a3912a0b24502043eae84ee4b279c18b90dd 644 foo $ hg pull - pulling from http://foo:***@localhost:$HGPORT/ + pulling from http://foo@localhost:$HGPORT/ searching for changes no changes found