[PATCH] hgweb: fail if an invalid command was supplied in url path (issue4071)

Anton Shestakov engored at ya.ru
Mon Sep 22 10:48:57 CDT 2014


# HG changeset patch
# User Anton Shestakov <engored at ya.ru>
# Date 1411397198 -32400
#      Mon Sep 22 23:46:38 2014 +0900
# Node ID e7a296512bdffc2238b6acceb6e2314a2842b900
# Parent  5e16fe6fdd32124c3295db5ec40b076084cc5bd4
hgweb: fail if an invalid command was supplied in url path (issue4071)

Currently hgweb produces an http 400 error only if an invalid command was
supplied using url query (i.e. "?cmd=badcmd"). If an invalid command was
supplied as a url path fragment (i.e. "/badcmd/"), hgweb silently falls back to
rendering the repo overview page ("/"). This is inconsistent and breaks some
tools that rely on http status codes (as noted in the issue4071). So this patch
makes hgweb fail in both cases with "400 no such method".

That issue, however, is about a command with some arguments, such as revision
and file ("/badcmd/tip/foo.txt"). It is possible to fix only that case, but
this particular patch is more generic and will make hgweb produce 400 status
code even if the command is not followed by any arguments ("/badcmd").

diff --git a/mercurial/hgweb/hgweb_mod.py b/mercurial/hgweb/hgweb_mod.py
--- a/mercurial/hgweb/hgweb_mod.py
+++ b/mercurial/hgweb/hgweb_mod.py
@@ -200,8 +200,6 @@ class hgweb(object):
             # avoid accepting e.g. style parameter as command
             if util.safehasattr(webcommands, cmd):
                 req.form['cmd'] = [cmd]
-            else:
-                cmd = ''
 
             if cmd == 'static':
                 req.form['file'] = ['/'.join(args)]
diff --git a/tests/test-hgweb.t b/tests/test-hgweb.t
--- a/tests/test-hgweb.t
+++ b/tests/test-hgweb.t
@@ -122,6 +122,20 @@ should give a 400 - bad command
   error: no such method: spam
   [1]
 
+should give a 400 - bad command as a part of url path (issue4071)
+
+  $ "$TESTDIR/get-with-headers.py" --headeronly localhost:$HGPORT 'spam'
+  400 no such method: spam
+  [1]
+
+  $ "$TESTDIR/get-with-headers.py" --headeronly localhost:$HGPORT 'raw-spam'
+  400 no such method: spam
+  [1]
+
+  $ "$TESTDIR/get-with-headers.py" --headeronly localhost:$HGPORT 'spam/tip/foo'
+  400 no such method: spam
+  [1]
+
 should give a 404 - file does not exist
 
   $ "$TESTDIR/get-with-headers.py" localhost:$HGPORT 'file/tip/bork?style=raw'
@@ -308,7 +322,7 @@ stop and restart
 Test the access/error files are opened in append mode
 
   $ python -c "print len(file('access.log').readlines()), 'log lines written'"
-  10 log lines written
+  13 log lines written
 
 static file
 


More information about the Mercurial-devel mailing list