hg-admin-tools: manage access for multiple developers via ssh
Frank Kingswood
frank at kingswood-consulting.co.uk
Tue Jul 8 02:23:58 CDT 2008
Rolando Espinoza La Fuente wrote:
> On Mon, Jul 7, 2008 at 1:33 AM, Sean Kelley <sean.v.kelley at gmail.com> wrote:
> [...]
>> import re
>>
>> allowedchars = "A-Za-z0-9_-"
>>
>> goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
>> def goodpath(path):
>> return goodpathre.match(path) is not None
>>
>> Can you explain to me why this path fails?
>>
>>
>> $ hg clone ssh://hg@hg.mysite.net/hg/platforms/vendorsrc/pulse/pulseaudio-0.9.8
>
> The dots?
>
> Try:
>
> allowedchars = "A-Za-z0-9_-\."
I think it was trying to stop users using /../ in the path, with this
change that would not be stopped by the regular expression.
Perhaps it was also trying to block hidden files?
Perhaps rewriting the regular expression could help:
goodpathre = re.compile("([%s][%s.]*/)*[%s][%s.]*$" % \
(allowedchars, allowedchars))
Frank
More information about the Mercurial
mailing list