Mercurial > hg

changeset 37250:9640ccf44ac0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
lfs: ensure the transfer request is for a known URI Since the dispatching code only checks the beginning of the string, this enforces that there's only one more path component.
author Matt Harbison <matt_harbison@yahoo.com>
date Sat, 31 Mar 2018 23:58:08 -0400
parents fe061e47a2cf
children 7c0f40f4f7bf
files hgext/lfs/wireprotolfsserver.py
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/hgext/lfs/wireprotolfsserver.py	Sat Mar 31 23:47:56 2018 -0400
+++ b/hgext/lfs/wireprotolfsserver.py	Sat Mar 31 23:58:08 2018 -0400
@@ -22,6 +22,7 @@
 HTTP_OK = hgwebcommon.HTTP_OK
 HTTP_CREATED = hgwebcommon.HTTP_CREATED
 HTTP_BAD_REQUEST = hgwebcommon.HTTP_BAD_REQUEST
+HTTP_NOT_FOUND = hgwebcommon.HTTP_NOT_FOUND
 
 def handlewsgirequest(orig, rctx, req, res, checkperm):
     """Wrap wireprotoserver.handlewsgirequest() to possibly process an LFS
@@ -244,6 +245,10 @@
     oid = req.dispatchparts[-1]
     localstore = repo.svfs.lfslocalblobstore
 
+    if len(req.dispatchparts) != 4:
+        _sethttperror(res, HTTP_NOT_FOUND)
+        return True
+
     if method == b'PUT':
         checkperm('upload')