[PATCH] hgweb: add support for colon-separated revision format in search
Alexander Plavin
me at aplavin.ru
Wed Jul 17 04:50:46 CDT 2013
2013/7/16 Martin Geisler <martin at geisler.net>:
> Alexander Plavin <me at aplavin.ru> writes:
>
>> # HG changeset patch
>> # User Alexander Plavin <me at aplavin.ru>
>> # Date 1373830561 -14400
>> # Sun Jul 14 23:36:01 2013 +0400
>> # Node ID 52803877038ae1a817e467fb8d49cb584b984742
>> # Parent 390ff286651b30b2a5f71a1901bb34aefec1c6f9
>> hgweb: add support for colon-separated revision format in search
>>
>> Now it's possible to specify a revision in the format
>> <definion 1>:<definition 2>, if <definion 1> and <definition 2> point to
>> the same place, like in other parts of hg.
>
> In other parts of Mercurial, this works because "x:y" means "changesets
> with revision numbers between x and y" (see "hg help revsets").
>
> The parsing of "x:y" is done by the revset parser, see revset.rangeset.
> I would have imagined that the search in hgweb would use the same parser
> so you avoid hard-coding parts of the revset syntax (specifically ":")
> in hgweb.
Yes, I know this, but there is a difference in hgweb search. When you
type a direct pointer to a specific revision (number or hash), then
you have the log starting with this revision (and not only one
revision, which you've typed). In other cases, a search is performed,
and only matched revisions are shown (not all the log starting from
them). So, we can't simply use that piece of code (I've explored
revrange function and related).
>
> Have you tried asking the Bitbucket guys (such as Brodie) if we can get
> their backend code that restricts revsets to a safe subset? They might
> be interested in open sourcing that code.
>
> Alternatively, I think it should be possible to implement it again by
> recursively searching through the parsed revset query (the parse tree)
> and only allow queries where all functions are on a whitelist.
I'm planning to implement it this way (as there were no objections to
my questions about it on the ML), and it's almost clear how to do
this.
>
> --
> Martin Geisler
More information about the Mercurial-devel
mailing list