changeset 29788:b1809f5d7630
hgweb: document why we don't allow untrusted settings to control zlib
Added comment per discussion on mercurial-devel.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Mon, 15 Aug 2016 20:39:33 -0700 |
parents | 80df04266a16 |
children | 66e038fb3c0d |
files | mercurial/hgweb/protocol.py |
diffstat | 1 files changed, 3 insertions(+), 0 deletions(-) |
--- a/mercurial/hgweb/protocol.py Sun Aug 14 18:37:24 2016 -0700 +++ b/mercurial/hgweb/protocol.py Mon Aug 15 20:39:33 2016 -0700 @@ -74,6 +74,9 @@ self.ui.ferr, self.ui.fout = self.oldio return val def groupchunks(self, cg): + # Don't allow untrusted settings because disabling compression or + # setting a very high compression level could lead to flooding + # the server's network or CPU. z = zlib.compressobj(self.ui.configint('server', 'zliblevel', -1)) while True: chunk = cg.read(4096)
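Review bot: The new comment above the zlib.compressobj(...) line in groupchunks() gives the reason for refusing untrusted settings but does not say what in the call enforces it, so a reader has to infer that the plain self.ui.configint('server', 'zliblevel', -1) read is the trusted-only one. Consider naming the option and the mechanism in the comment, for example "server.zliblevel is deliberately read from trusted config only, because ...", so that a later refactor of the configint call does not silently drop the restriction. Separately, and probably out of scope for a comment-only change: the value returned by configint goes straight into zlib.compressobj with no range check, so a trusted but mistyped level is only caught by zlib itself at request time.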