[PATCH STABLE] hgwebdir: read 'web.template' untrusted
Boris Feld
boris.feld at octobus.net
Mon Sep 18 08:04:29 UTC 2017
# HG changeset patch
# User Boris Feld <boris.feld at octobus.net>
# Date 1505494670 -7200
# ven. sept. 15 18:57:50 2017 +0200
# Branch stable
# Node ID 19e507500cec6a3cf5008bbf9ce73d194cc7c250
# Parent 1908dc95863957aa1a8375c91bd02d1c7bb3d577
hgwebdir: read 'web.template' untrusted
The 'hgweb_mod.py' version of this read it untrusted. For consistency we align
the two versions of this code.
diff -r 1908dc958639 -r 19e507500cec mercurial/hgweb/hgwebdir_mod.py
--- a/mercurial/hgweb/hgwebdir_mod.py lun. sept. 11 15:59:18 2017 -0700
+++ b/mercurial/hgweb/hgwebdir_mod.py ven. sept. 15 18:57:50 2017 +0200
@@ -173,7 +173,8 @@
encoding.encoding = self.ui.config('web', 'encoding',
encoding.encoding)
self.style = self.ui.config('web', 'style', 'paper')
- self.templatepath = self.ui.config('web', 'templates', None)
+ self.templatepath = self.ui.config('web', 'templates', None,
+ untrusted=False)
self.stripecount = self.ui.config('web', 'stripes', 1)
if self.stripecount:
self.stripecount = int(self.stripecount)
More information about the Mercurial-devel
mailing list