Tarball support v0.2

Wojciech Milkowski wmilkowski at interia.pl
Sat Aug 20 08:10:03 CDT 2005

Sorry for discontinuing thread, I have some problems with receiving 
e-mails from mercurial list, probably SPF related, so I changed my 
address temporarily.

Goffredo Baroncelli wrote:

 > he patch attached should highlight how obtain the changeset hash; if 
you change
 > #node# in #node|short# in the changeset.tmpl you get the short hash

Indeed, that was first solution I was thinking of, but the problem is 
that it breaks main security rule: "Don't trust incoming user data".
In this case there is possibility to fake revision number simply by 
rewriting URL. That's not a big security hole, but IMHO it's just bad 
solution. I would rather obtain revision internally basing on manifest 
hash. I believe it's simple task, can anybody confirm that?


Dla kobiet i nie tylko! ;-) >>> http://link.interia.pl/f18aa

More information about the Mercurial mailing list