[PATCH 5 of 5 V4] hgweb, config: make search restrictions configurable with web.restrictsearch
Augie Fackler
raf at durin42.com
Thu Sep 5 10:55:24 CDT 2013
On Wed, Sep 04, 2013 at 11:13:08PM +0400, Alexander Plavin wrote:
> # HG changeset patch
> # User Alexander Plavin <alexander at plav.in>
> # Date 1376651054 -14400
> # Fri Aug 16 15:04:14 2013 +0400
> # Node ID 3d9f8ae79b18dbe0b231c0837c416ce6158c3922
> # Parent 939c1b6f7e443f32b801f5e6b85da790fdc5324e
> hgweb, config: make search restrictions configurable with web.restrictsearch
Series looks reasonable, but would like Kevin to look at it too.
>
> Add boolean config option to allow disabling all search restrictions.
>
> diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/help/config.txt
> --- a/mercurial/help/config.txt Sat Jul 20 01:32:38 2013 +0400
> +++ b/mercurial/help/config.txt Fri Aug 16 15:04:14 2013 +0400
> @@ -1461,6 +1461,10 @@
> Whether to require that inbound pushes be transported over SSL to
> prevent password sniffing. Default is True.
>
> +``restrictsearch``
> + Whether to restrict usage of regular expressions and
> + heavyweight revset functions in search. Default is True.
> +
> ``staticurl``
> Base URL to use for static files. If unset, static files (e.g. the
> hgicon.png favicon) will be served by the CGI script itself. Use
> diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/hgweb/webcommands.py
> --- a/mercurial/hgweb/webcommands.py Sat Jul 20 01:32:38 2013 +0400
> +++ b/mercurial/hgweb/webcommands.py Fri Aug 16 15:04:14 2013 +0400
> @@ -179,13 +179,14 @@
> # no revset syntax used
> return MODE_KEYWORD, query
>
> - if util.any((token, (value or '')[:3]) == ('string', 're:')
> - for token, value, pos in revset.tokenize(revdef)):
> - return MODE_KEYWORD, query
> + if web.configbool('web', 'restrictsearch', True):
> + if util.any((token, (value or '')[:3]) == ('string', 're:')
> + for token, value, pos in revset.tokenize(revdef)):
> + return MODE_KEYWORD, query
>
> - funcsused = revset.funcsused(tree)
> - if not funcsused.issubset(revset.safesymbols):
> - return MODE_KEYWORD, query
> + funcsused = revset.funcsused(tree)
> + if not funcsused.issubset(revset.safesymbols):
> + return MODE_KEYWORD, query
>
> mfunc = revset.match(None, revdef)
> try:
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at selenic.com
> http://selenic.com/mailman/listinfo/mercurial-devel
More information about the Mercurial-devel
mailing list