[PATCH 5 of 6 V2] hgweb: blacklist heavyweight revset functions in hgweb search

Alexander Plavin alexander at plav.in
Fri Aug 16 15:03:29 CDT 2013


# HG changeset patch
# User Alexander Plavin <alexander at plav.in>
# Date 1374269558 -14400
#      Sat Jul 20 01:32:38 2013 +0400
# Node ID b913f96bf64f241a3253f64a71d637f440ab5ded
# Parent  916a7171b59f371732758ab473c4bf5467631a13
hgweb: blacklist heavyweight revset functions in hgweb search

Disallow usage of functions 'contains' and 'grep'.

diff -r 916a7171b59f -r b913f96bf64f mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py	Wed Aug 07 01:21:31 2013 +0400
+++ b/mercurial/hgweb/webcommands.py	Sat Jul 20 01:32:38 2013 +0400
@@ -178,6 +178,10 @@
         if any((token, (value or '')[:3]) == ('string', 're:')
                for token, value, pos in revset.tokenize(revdef)):
             return 'kw'
+        funcsused = revset.funcsused(tree)
+        blacklist = set(['contains', 'grep'])
+        if funcsused & blacklist:
+            return 'kw'
 
         mfunc = revset.match(None, revdef)
         try:


More information about the Mercurial-devel mailing list