D4525: narrow: validate patterns on incoming bundle2 part
indygreg (Gregory Szorc)
phabricator at mercurial-scm.org
Tue Sep 11 18:52:36 UTC 2018
indygreg created this revision.
Herald added a reviewer: durin42.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
The remote data is untrusted and needs to be validated for
pattern conformance.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D4525
AFFECTED FILES
hgext/narrow/narrowbundle2.py
CHANGE DETAILS
diff --git a/hgext/narrow/narrowbundle2.py b/hgext/narrow/narrowbundle2.py
--- a/hgext/narrow/narrowbundle2.py
+++ b/hgext/narrow/narrowbundle2.py
@@ -195,6 +195,9 @@
def _handlechangespec_2(op, inpart):
includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines())
excludepats = set(inpart.params.get(_SPECPART_EXCLUDE, '').splitlines())
+ narrowspec.validatepatterns(includepats)
+ narrowspec.validatepatterns(excludepats)
+
if not repository.NARROW_REQUIREMENT in op.repo.requirements:
op.repo.requirements.add(repository.NARROW_REQUIREMENT)
op.repo._writerequirements()
To: indygreg, durin42, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list