Tarball support v0.2
Wojciech Milkowski
wmilkowski at interia.pl
Sat Aug 20 08:10:03 CDT 2005
Sorry for discontinuing thread, I have some problems with receiving
e-mails from mercurial list, probably SPF related, so I changed my
address temporarily.
Goffredo Baroncelli wrote:
> he patch attached should highlight how obtain the changeset hash; if
you change
> #node# in #node|short# in the changeset.tmpl you get the short hash
[...]
Indeed, that was first solution I was thinking of, but the problem is
that it breaks main security rule: "Don't trust incoming user data".
In this case there is possibility to fake revision number simply by
rewriting URL. That's not a big security hole, but IMHO it's just bad
solution. I would rather obtain revision internally basing on manifest
hash. I believe it's simple task, can anybody confirm that?
Wojtek
----------------------------------------------------------------------
Dla kobiet i nie tylko! ;-) >>> http://link.interia.pl/f18aa
More information about the Mercurial
mailing list