[PATCH 5 of 5 hgweb-thread-isolation] hgweb: move templatepath to requestcontext
Gregory Szorc
gregory.szorc at gmail.com
Tue Sep 1 15:58:57 CDT 2015
# HG changeset patch
# User Gregory Szorc <gregory.szorc at gmail.com>
# Date 1440286102 25200
# Sat Aug 22 16:28:22 2015 -0700
# Node ID 011172bffdc70751d1feff4e1e1a2dbf7f166233
# Parent bd603c0e0eb9d852a1d5fa7cf0798dfae942734e
hgweb: move templatepath to requestcontext
This does change behavior in that the templatepath could change during
the lifetime of the server. But everything else can change, I don't see
why template paths can't.
diff --git a/mercurial/hgweb/hgweb_mod.py b/mercurial/hgweb/hgweb_mod.py
--- a/mercurial/hgweb/hgweb_mod.py
+++ b/mercurial/hgweb/hgweb_mod.py
@@ -83,8 +83,15 @@ class requestcontext(object):
self.configint('web', 'maxfiles', 10))
object.__setattr__(self, 'allowpull',
self.configbool('web', 'allowpull', True))
+ # Don't allow untrusted config options because a repo owner may set
+ # the value in .hg/hgrc and gain access to files they normally
+ # can't see because the server can be running as a different
+ # user than the repo owner.
+ object.__setattr__(self, 'templatepath',
+ self.config('web', 'templates', untrusted=False))
+
# Proxy unknown reads and writes to the application instance
# until everything is moved to us.
def __getattr__(self, name):
return getattr(self.app, name)
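Review bot: The `untrusted=False` argument on the new `self.config('web', 'templates', ...)` call is the security-relevant part of this hunk, yet neither the description nor any test visible on this page covers it. The call removed from the `hgweb` class in the second hunk passed no `untrusted` argument, and the context comment there says .hg/hgrc settings are trusted by default, so this commit may also be tightening which hgrc files can set `web.templates` rather than only moving the attribute; if so, the commit message should say that. A regression test that sets `web.templates` in a repository's untrusted .hg/hgrc and checks that `templatepath` ignores it would keep the argument from being dropped in a later refactor. The added comment could name the option and flag directly, e.g. `# web.templates is read with untrusted=False: a repo-owned .hg/hgrc must not point the server at files only the server user can read.` The enclosing `requestcontext` initializer begins above the hunk, so how `self.config` resolves there is not visible.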
@@ -157,11 +164,8 @@ class hgweb(object):
hook.redirect(True)
self.repostate = None
self.mtime = -1
self.reponame = name
- # a repo owner may set web.templates in .hg/hgrc to get any file
- # readable by the user running the CGI script
- self.templatepath = self.config('web', 'templates')
self.websubtable = webutil.getwebsubs(r)
# The CGI scripts are often run by a user different from the repo owner.
# Trust the settings from the .hg/hgrc files by default.