[PATCH 5 of 6 V3] hgweb: blacklist heavyweight revset functions in hgweb search

Alexander Plavin alexander at plav.in
Sat Aug 31 07:43:32 CDT 2013



29.08.2013, 10:04, "FUJIWARA Katsunori" <foozy at lares.dti.ne.jp>:
> At Thu, 22 Aug 2013 19:11:16 +0400,
> Alexander Plavin wrote:
>
>>  # HG changeset patch
>>  # User Alexander Plavin <alexander at plav.in>
>>  # Date 1374269558 -14400
>>  #      Sat Jul 20 01:32:38 2013 +0400
>>  # Node ID 3767921c4b274499fe4254bdafef56bba346b088
>>  # Parent  5734dd4b2bd2a859a2ef0be6e0f4485f028abf6e
>>  hgweb: blacklist heavyweight revset functions in hgweb search
>>
>>  Disallow usage of functions 'contains' and 'grep'.
>>
>>  diff -r 5734dd4b2bd2 -r 3767921c4b27 mercurial/hgweb/webcommands.py
>>  --- a/mercurial/hgweb/webcommands.py Wed Aug 07 01:21:31 2013 +0400
>>  +++ b/mercurial/hgweb/webcommands.py Sat Jul 20 01:32:38 2013 +0400
>>  @@ -179,6 +179,10 @@
>>           if any_((token, (value or '')[:3]) == ('string', 're:')
>>                  for token, value, pos in revset.tokenize(revdef)):
>>               return 'kw', query
>>  +        funcsused = revset.funcsused(tree)
>>  +        blacklist = set(['contains', 'grep'])
>>  +        if funcsused & blacklist:
>>  +            return 'kw', query
>
> IMHO, "blacklist" information of revsets should be managed in
> mercurial/revset.py, for ease of maintenance in future (following
> newly added predicates, for example).

Not sure if I am for or against this, so probably neutral :) I would like to hear other opinions, and if it's really more suitable then no problem to move the related code to revset.py.

>
>>           mfunc = revset.match(None, revdef)
>>           try:
>>  _______________________________________________
>>  Mercurial-devel mailing list
>>  Mercurial-devel at selenic.com
>>  http://selenic.com/mailman/listinfo/mercurial-devel
>
> ----------------------------------------------------------------------
> [FUJIWARA Katsunori]                             foozy at lares.dti.ne.jp


More information about the Mercurial-devel mailing list