[PATCH] hgweb, config: make search restrictions configurable with web.restrictsearch

Kevin Bullock kbullock+mercurial at ringworld.org
Mon Sep 23 15:29:33 CDT 2013


On 22 Sep 2013, at 3:12 AM, Alexander Plavin wrote:

> 22.09.2013, 02:52, "Kevin Bullock" <kbullock+mercurial at ringworld.org>:
>> On 11 Sep 2013, at 11:52 AM, Alexander Plavin wrote:
>> 
>>>  # HG changeset patch
>>>  # User Alexander Plavin <alexander at plav.in>
>>>  # Date 1378459856 -14400
>>>  #      Fri Sep 06 13:30:56 2013 +0400
>>>  # Node ID ab7d6890e62500ad220ba733db2af7edf055c5f4
>>>  # Parent  763804a97b788beaad3c9edb05634e068dc17529
>>>  hgweb, config: make search restrictions configurable with web.restrictsearch
>>> 
>>>  Add boolean config option to allow disabling all search restrictions.
>> 
>> I'm not convinced this is ever desirable.
> 
> For local/trusted team use people may want to make regular expressions and all functions allowed in the search (as sometimes it can be more convenient), so it makes sense in my opinion.

Yeah, I ran through that same argument in my head. It's generally not convincing enough for me -- particularly since if you're on a LAN with the repo, it's likely to be fast enough to just clone it and run your own local revsets on it.

In other words, I'm not sure the utility of this outweighs the inevitable risk of having people blindly setting this to True, opening themselves to DoS, and blaming us for it.

pacem in terris / мир / शान्ति / ‎‫سَلاَم‬ / 平和
Kevin R. Bullock


