[PATCH 2 of 2] hgweb: respond HTTP_NOT_FOUND when an archive request does not match any files
Angel Ezquerra
angel.ezquerra at gmail.com
Thu Mar 21 17:44:17 CDT 2013
# HG changeset patch
# User Angel Ezquerra <angel.ezquerra at gmail.com>
# Date 1363904857 -3600
# Thu Mar 21 23:27:37 2013 +0100
# Node ID e2feb2896b75863fdff27292db32dbc56b20a3dd
# Parent e068221f22216fbddf7f6d54c1d27bf264defe87
hgweb: respond HTTP_NOT_FOUND when an archive request does not match any files
diff --git a/mercurial/hgweb/webcommands.py b/mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py
+++ b/mercurial/hgweb/webcommands.py
@@ -819,15 +819,16 @@
ctx = webutil.changectx(web.repo, req)
pats = []
+ matchfn = None
file = req.form.get('file', None)
if file:
- file = file[0]
- patandfile = file.split(':')
- if len(patandfile) > 1 and patandfile[0].lower() in ('glob', 'relglob',
- 'path', 'relpath', 're', 'relre', 'set'):
- msg = 'Archive pattern not allowed: %s' % file
- raise ErrorResponse(HTTP_FORBIDDEN, msg)
- pats = ['path:' + file]
+ pats = ['path:' + file[0]]
+ matchfn = scmutil.match(ctx, pats, default='path')
+ if pats:
+ files = [f for f in ctx.manifest().keys() if matchfn(f)]
+ if not files:
+ raise ErrorResponse(HTTP_NOT_FOUND,
+ 'file(s) not found: %s' % file[0])
mimetype, artype, extension, encoding = web.archive_specs[type_]
headers = [
@@ -838,7 +839,6 @@
req.headers.extend(headers)
req.respond(HTTP_OK, mimetype)
- matchfn = scmutil.match(ctx, pats, default='path')
archival.archive(web.repo, req, cnode, artype, prefix=name,
matchfn=matchfn,
subrepos=web.configbool("web", "archivesubrepos"))
diff --git a/tests/test-archive.t b/tests/test-archive.t
--- a/tests/test-archive.t
+++ b/tests/test-archive.t
@@ -108,10 +108,15 @@
$ python getarchive.py "$TIP" gz foo | gunzip | tar tf - 2>/dev/null
test-archive-2c0277f05ed4/foo
+test that we detect file patterns that match no files
+
+ $ python getarchive.py "$TIP" gz foobar
+ HTTP Error 404: file(s) not found: foobar
+
test that we reject unsafe patterns
$ python getarchive.py "$TIP" gz relre:baz
- HTTP Error 403: Archive pattern not allowed: relre:baz
+ HTTP Error 404: file(s) not found: relre:baz
$ "$TESTDIR/killdaemons.py" $DAEMON_PIDS
More information about the Mercurial-devel
mailing list