[PATCH 6 of 6 V2] hgweb, config: make search restrictions configurable with web.restrictsearch
Alexander Plavin
alexander at plav.in
Fri Aug 16 15:03:30 CDT 2013
# HG changeset patch
# User Alexander Plavin <alexander at plav.in>
# Date 1376651054 -14400
# Fri Aug 16 15:04:14 2013 +0400
# Node ID 7ab9fd34cfad91aeb07558fbacce36eaef28abe5
# Parent b913f96bf64f241a3253f64a71d637f440ab5ded
hgweb, config: make search restrictions configurable with web.restrictsearch
Add boolean config option to allow disabling all search restrictions.
diff -r b913f96bf64f -r 7ab9fd34cfad mercurial/help/config.txt
--- a/mercurial/help/config.txt Sat Jul 20 01:32:38 2013 +0400
+++ b/mercurial/help/config.txt Fri Aug 16 15:04:14 2013 +0400
@@ -1461,6 +1461,10 @@
Whether to require that inbound pushes be transported over SSL to
prevent password sniffing. Default is True.
+``restrictsearch``
+ Whether to restrict usage of regular expressions and
+ heavyweight revset functions in search. Default is True.
+
``staticurl``
Base URL to use for static files. If unset, static files (e.g. the
hgicon.png favicon) will be served by the CGI script itself. Use
diff -r b913f96bf64f -r 7ab9fd34cfad mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py Sat Jul 20 01:32:38 2013 +0400
+++ b/mercurial/hgweb/webcommands.py Fri Aug 16 15:04:14 2013 +0400
@@ -175,13 +175,14 @@
# no revset syntax used
return 'kw'
- if any((token, (value or '')[:3]) == ('string', 're:')
- for token, value, pos in revset.tokenize(revdef)):
- return 'kw'
- funcsused = revset.funcsused(tree)
- blacklist = set(['contains', 'grep'])
- if funcsused & blacklist:
- return 'kw'
+ if web.configbool('web', 'restrictsearch', True):
+ if any((token, (value or '')[:3]) == ('string', 're:')
+ for token, value, pos in revset.tokenize(revdef)):
+ return 'kw'
+ funcsused = revset.funcsused(tree)
+ blacklist = set(['contains', 'grep'])
+ if funcsused & blacklist:
+ return 'kw'
mfunc = revset.match(None, revdef)
try:
More information about the Mercurial-devel
mailing list