comparison mercurial/hgweb/hgweb_mod.py @ 39487:17ca967e9fca
hgweb: map Abort to 403 error to report inaccessible path for example
Abort is so common in our codebase. We could instead introduce a dedicated
type for path auditing errors, but we'll probably have to catch error.Abort
anyway.
As you can see, an abort message may include a full path to the repository,
which might be considered an information leak. If that matters, we should hide
the message and send it to the server log instead.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Sun, 26 Aug 2018 22:23:25 +0900 |
parents | 4167437a45dd |
children | b63dee7bd0d9 |
39486:1a786fe069b8 | 39487:17ca967e9fca |
---|---|
437 return rctx.sendtemplate('error', error=msg) | 437 return rctx.sendtemplate('error', error=msg) |
438 except (error.RepoError, error.RevlogError) as e: | 438 except (error.RepoError, error.RevlogError) as e: |
439 res.status = '500 Internal Server Error' | 439 res.status = '500 Internal Server Error' |
440 res.headers['Content-Type'] = ctype | 440 res.headers['Content-Type'] = ctype |
441 return rctx.sendtemplate('error', error=pycompat.bytestr(e)) | 441 return rctx.sendtemplate('error', error=pycompat.bytestr(e)) |
442 except error.Abort as e: | |
443 res.status = '403 Forbidden' | |
444 res.headers['Content-Type'] = ctype | |
445 return rctx.sendtemplate('error', error=pycompat.bytestr(e)) | |
442 except ErrorResponse as e: | 446 except ErrorResponse as e: |
443 for k, v in e.headers: | 447 for k, v in e.headers: |
444 res.headers[k] = v | 448 res.headers[k] = v |
445 res.status = statusmessage(e.code, pycompat.bytestr(e)) | 449 res.status = statusmessage(e.code, pycompat.bytestr(e)) |
446 res.headers['Content-Type'] = ctype | 450 res.headers['Content-Type'] = ctype |
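
Review bot: The added `except error.Abort as e:` branch (new lines 442-445) passes `pycompat.bytestr(e)` straight into the `error` template, so whatever the abort message contains, including the full repository path the commit message mentions, is returned to the client. Consider rendering a fixed message in the response and writing the original abort text to the server log instead. Separately, because Abort is raised widely (as the commit message notes), setting `res.status = '403 Forbidden'` for every Abort will also label aborts unrelated to access as forbidden; a dedicated path-auditing exception type caught ahead of this branch would let only those map to 403.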