[PATCH 5 of 6 V3] hgweb: blacklist heavyweight revset functions in hgweb search
Alexander Plavin
alexander at plav.in
Thu Aug 22 10:11:16 CDT 2013
# HG changeset patch
# User Alexander Plavin <alexander at plav.in>
# Date 1374269558 -14400
# Sat Jul 20 01:32:38 2013 +0400
# Node ID 3767921c4b274499fe4254bdafef56bba346b088
# Parent 5734dd4b2bd2a859a2ef0be6e0f4485f028abf6e
hgweb: blacklist heavyweight revset functions in hgweb search
Disallow usage of functions 'contains' and 'grep'.
diff -r 5734dd4b2bd2 -r 3767921c4b27 mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py Wed Aug 07 01:21:31 2013 +0400
+++ b/mercurial/hgweb/webcommands.py Sat Jul 20 01:32:38 2013 +0400
@@ -179,6 +179,10 @@
if any_((token, (value or '')[:3]) == ('string', 're:')
for token, value, pos in revset.tokenize(revdef)):
return 'kw', query
+ funcsused = revset.funcsused(tree)
+ blacklist = set(['contains', 'grep'])
+ if funcsused & blacklist:
+ return 'kw', query
mfunc = revset.match(None, revdef)
try:
More information about the Mercurial-devel
mailing list