[PATCH 13 of 14 "] hidden: support passing --hidden with `serve --stdio`

Pierre-Yves David pierre-yves.david at ens-lyon.org
Sat Apr 13 19:40:43 EDT 2019


# HG changeset patch
# User Manuel Jacob <me at manueljacob.de>
# Date 1555119887 -7200
#      Sat Apr 13 03:44:47 2019 +0200
# Node ID 8e2e24e9da81838ededb601dea208d5ed21a35f4
# Parent  b05e8ee5498f8d3b0c3419309a4a476d791e169d
# EXP-Topic hgweb-obsolete
# Available At https://bitbucket.org/octobus/mercurial-devel/
#              hg pull https://bitbucket.org/octobus/mercurial-devel/ -r 8e2e24e9da81
hidden: support passing --hidden with `serve --stdio`

This currently has no effect since the server code will filter the repository
again. However, it is clearer to put this changes in its own changesets.

This will mostly impact ssh peers, clients being now able to pass --hidden when
spawning the server. This new flag might be rejected by existing script in
charge of validating the ssh command line. This rejection seems reasonable as
the people using such scripts will likely prefer the new feature to be rejected
until they audit it.

See the next changeset for details on how this is going to be used.

diff --git a/mercurial/dispatch.py b/mercurial/dispatch.py
--- a/mercurial/dispatch.py
+++ b/mercurial/dispatch.py
@@ -305,11 +305,16 @@ def _runcatch(req):
                 # shenanigans wherein a user does something like pass
                 # --debugger or --config=ui.debugger=1 as a repo
                 # name. This used to actually run the debugger.
-                if (len(req.args) != 4 or
+                nbargs = 4
+                hashiddenaccess = '--hidden' in cmdargs
+                if hashiddenaccess:
+                    nbargs += 1
+                if (len(req.args) != nbargs or
                     req.args[0] != '-R' or
                     req.args[1].startswith('--') or
                     req.args[2] != 'serve' or
-                    req.args[3] != '--stdio'):
+                    req.args[3] != '--stdio' or
+                    hashiddenaccess and req.args[4] != '--hidden'):
                     raise error.Abort(
                         _('potentially unsafe serve --stdio invocation: %s') %
                         (stringutil.pprint(req.args),))


More information about the Mercurial-devel mailing list