diff mercurial/hgweb/hgweb_mod.py @ 39487:17ca967e9fca

hgweb: map Abort to 403 error to report inaccessible path for example

Abort is so common in our codebase. We could instead introduce a dedicated type for path auditing errors, but we'll probably have to catch error.Abort anyway.

As you can see, an abort message may include a full path to the repository, which might be considered information leak. If that matters, we should hide the message and send it to the server log instead.
author Yuya Nishihara <yuya@tcha.org>
date Sun, 26 Aug 2018 22:23:25 +0900
parents 4167437a45dd
children b63dee7bd0d9
--- a/mercurial/hgweb/hgweb_mod.py	Fri Sep 07 22:19:28 2018 +0900
+++ b/mercurial/hgweb/hgweb_mod.py	Sun Aug 26 22:23:25 2018 +0900
@@ -439,6 +439,10 @@
             res.status = '500 Internal Server Error'
             res.headers['Content-Type'] = ctype
             return rctx.sendtemplate('error', error=pycompat.bytestr(e))
+        except error.Abort as e:
+            res.status = '403 Forbidden'
+            res.headers['Content-Type'] = ctype
+            return rctx.sendtemplate('error', error=pycompat.bytestr(e))
         except ErrorResponse as e:
             for k, v in e.headers:
                 res.headers[k] = v
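Review bot: The new `except error.Abort` branch passes `pycompat.bytestr(e)` straight into the 'error' template, so whatever the abort message contains, including the full repository path the commit message mentions, is returned to the client in the 403 body. I would render a fixed generic message for the response and write the original abort text to the server log, which is the alternative the commit message already proposes. A second point on the same branch: it catches every error.Abort, so aborts that have nothing to do with access are also reported as '403 Forbidden'; a dedicated exception type for path auditing failures would keep the status accurate and leave other aborts on the 500 path above. A short comment on the branch explaining why Abort maps to 403 would also help the next reader.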