[PATCH 0 of 6] don't blindly trust .hg/hgrc files

Thomas Arendsen Hein thomas at intevation.de
Thu Oct 26 12:34:40 CDT 2006 

* Alexis S. L. Carvalho <alexis at cecm.usp.br> [20061018 07:57]:
> (patches also available at
> http://www.cecm.usp.br/~alexis/cgi-bin/hgwebdir.cgi/asak/
> )

Pushed to crew with some cosmetic modifications.

Additionally this patch was needed to keep the apache log small:

# HG changeset patch
# User Thomas Arendsen Hein <thomas at intevation.de>
# Date 1161883545 -7200
# Node ID f7dee427cd140345a232c3d5bec8bcae76d5e5b8
# Parent  c3043ebe40a02af30db7fdebaa7513b96f39ce11
Turn of "Not trusting file" logging when running hgweb and hgwebdir
(hg serve still shows the warning)

diff -r c3043ebe40a0 -r f7dee427cd14 mercurial/hgweb/hgweb_mod.py
--- a/mercurial/hgweb/hgweb_mod.py	Thu Oct 26 19:25:45 2006 +0200
+++ b/mercurial/hgweb/hgweb_mod.py	Thu Oct 26 19:25:45 2006 +0200
@@ -69,7 +69,7 @@ class hgweb(object):
 class hgweb(object):
     def __init__(self, repo, name=None):
         if type(repo) == type(""):
-            self.repo = hg.repository(ui.ui(), repo)
+            self.repo = hg.repository(ui.ui(report_untrusted=False), repo)
         else:
             self.repo = repo
 
diff -r c3043ebe40a0 -r f7dee427cd14 mercurial/hgweb/hgwebdir_mod.py
--- a/mercurial/hgweb/hgwebdir_mod.py	Thu Oct 26 19:25:45 2006 +0200
+++ b/mercurial/hgweb/hgwebdir_mod.py	Thu Oct 26 19:25:45 2006 +0200
@@ -110,7 +110,7 @@ class hgwebdir(object):
             rows = []
             parity = 0
             for name, path in self.repos:
-                u = ui.ui()
+                u = ui.ui(report_untrusted=False)
                 try:
                     u.readconfig(os.path.join(path, '.hg', 'hgrc'))
                 except IOError:
diff -r c3043ebe40a0 -r f7dee427cd14 mercurial/ui.py
--- a/mercurial/ui.py	Thu Oct 26 19:25:45 2006 +0200
+++ b/mercurial/ui.py	Thu Oct 26 19:25:45 2006 +0200
@@ -26,7 +26,8 @@ def updateconfig(source, dest, sections=
 
 class ui(object):
     def __init__(self, verbose=False, debug=False, quiet=False,
-                 interactive=True, traceback=False, parentui=None):
+                 interactive=True, traceback=False, report_untrusted=True,
+                 parentui=None):
         self.overlay = None
         self.header = []
         self.prev_header = []
@@ -39,6 +40,7 @@ class ui(object):
             self.debugflag = debug
             self.interactive = interactive
             self.traceback = traceback
+            self.report_untrusted = report_untrusted
             self.trusted_users = {}
             self.trusted_groups = {}
             # if ucdata is not None, its keys must be a superset of cdata's
@@ -98,7 +100,7 @@ class ui(object):
             user = util.username(st.st_uid)
             group = util.groupname(st.st_gid)
             if user not in tusers and group not in tgroups:
-                if warn:
+                if warn and self.report_untrusted:
                     self.warn(_('Not trusting file %s from untrusted '
                                 'user %s, group %s\n') % (f, user, group))
                 return False

Thanks,
Thomas

-- 
Email: thomas at intevation.de
http://intevation.de/~thomas/

More information about the Mercurial-devel mailing list