changeset 40257:15e8250a82da
hgweb: do not audit URL path as working-directory path
Since hgweb is an interface to repository data, we don't need to prohibit
any paths conflicting within the filesystem. Still an access to working
files is audited by filectx.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Sun, 26 Aug 2018 22:18:09 +0900 |
parents | 17ca967e9fca |
children | 4e4fae1dda5c |
files | mercurial/hgweb/webutil.py tests/test-hgwebdir.t |
diffstat | 2 files changed, 8 insertions(+), 6 deletions(-) |
--- a/mercurial/hgweb/webutil.py +++ b/mercurial/hgweb/webutil.py @@ -320,7 +320,8 @@ def cleanpath(repo, path): path = path.lstrip('/') - return pathutil.canonpath(repo.root, '', path) + auditor = pathutil.pathauditor(repo.root, realfs=False) + return pathutil.canonpath(repo.root, '', path, auditor=auditor) def changectx(repo, req): changeid = "tip"
--- a/tests/test-hgwebdir.t +++ b/tests/test-hgwebdir.t @@ -1231,14 +1231,15 @@ f2 -Test accessing file that is shadowed by another repository +Test accessing file that could be shadowed by another repository if the URL +path were audited as a working-directory path: $ get-with-headers.py localhost:$HGPORT1 'rcoll/notrepo/f/file/tip/f3/file?style=raw' - 403 Forbidden - + 200 Script output follows - error: path 'f3/file' is inside nested repo 'f3' - [1] + f3/file + +Test accessing working-directory file that is shadowed by another repository $ get-with-headers.py localhost:$HGPORT1 'rcoll/notrepo/f/file/ffffffffffff/f3/file?style=raw' 403 Forbidden
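Review bot: in cleanpath() in mercurial/hgweb/webutil.py, the new `pathutil.pathauditor(repo.root, realfs=False)` line carries no comment explaining why filesystem checks are switched off for URL paths; that reasoning lives only in the commit message. A short comment above it would help, saying that the path names repository data rather than a working-directory file and that working-file access is still audited by filectx. Without it, a later reader may take `realfs=False` for an oversight and drop the `auditor=` argument again. The auditor is also constructed on every cleanpath() call; it is worth confirming that is cheap enough if the function runs several times per request.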
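Review bot: in tests/test-hgwebdir.t, the second request depends on `ffffffffffff` selecting the working directory, and nothing but the new heading hints at that. Suggest naming the revision in the heading, for example "(rev ffffffffffff, the working directory)", so the contrast with the `tip` request above, which now expects `200 Script output follows` and `f3/file`, is explicit. The two cases differ only in that one URL segment, and the 403 on the second is the check that keeps the nested-repo protection in place for working files.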