[PATCH 3 of 3 RFC] hgweb: config option to blacklist some revset functions in hgweb search
Alexander Plavin
alexander at plav.in
Tue Aug 6 16:30:58 CDT 2013
# HG changeset patch
# User Alexander Plavin <alexander at plav.in>
# Date 1374269558 -14400
# Sat Jul 20 01:32:38 2013 +0400
# Node ID 86ff3497fb114d66425d8ce6d05dfc9dc83cb9e8
# Parent b4310435ce2ebeb2b65871a63060c97b8a04c608
hgweb: config option to blacklist some revset functions in hgweb search
This option defaults to ['contains'], as this is a heavy-weight function.
diff -r b4310435ce2e -r 86ff3497fb11 mercurial/help/config.txt
--- a/mercurial/help/config.txt Wed Aug 07 01:16:14 2013 +0400
+++ b/mercurial/help/config.txt Sat Jul 20 01:32:38 2013 +0400
@@ -1461,6 +1461,10 @@
Whether to require that inbound pushes be transported over SSL to
prevent password sniffing. Default is True.
+``revsetblacklist``
+ List of revset functions which are not allowed in search queries.
+ Default is 'contains'.
+
``staticurl``
Base URL to use for static files. If unset, static files (e.g. the
hgicon.png favicon) will be served by the CGI script itself. Use
diff -r b4310435ce2e -r 86ff3497fb11 mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py Wed Aug 07 01:16:14 2013 +0400
+++ b/mercurial/hgweb/webcommands.py Sat Jul 20 01:32:38 2013 +0400
@@ -211,7 +211,11 @@
# can't parse to a tree
modename = 'kw'
else:
- if revset.depth(tree) > 2:
+ funcsused = revset.funcsused(tree)
+ blacklist = web.configlist('web', 'revsetblacklist', ['contains'])
+ blacklist = set(blacklist)
+
+ if revset.depth(tree) > 2 and not funcsused & blacklist:
mfunc = revset.match(None, revdef)
try:
# try running against empty subset
@@ -221,7 +225,7 @@
# can't run the revset query, e.g. some function misspelled
modename = 'kw'
else:
- # no revset syntax used
+ # no revset syntax used or blacklisted functions in the query
modename = 'kw'
searchfunc = searchfuncs[modename]
More information about the Mercurial-devel
mailing list