Mercurial > public > mercurial-scm > hg
comparison mercurial/hgweb/hgweb_mod.py @ 36760:7bf80d9d9543
merge with stable
There were a handful of merge conflicts in the wire protocol code due
to significant refactoring in default. When resolving the conflicts,
I tried to produce the minimal number of changes to make the incoming
security patches work with the new code.
I will send some follow-up commits to get the security patches better
integrated into default.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 06 Mar 2018 14:32:14 -0800 |
| parents | 2442927cdd96 2ecb0fc535b1 |
| children | c638a13093cf |
comparison
equal
deleted
inserted
replaced
| 36747:4c71a26a4009 | 36760:7bf80d9d9543 |
|---|---|
| 35 repoview, | 35 repoview, |
| 36 templatefilters, | 36 templatefilters, |
| 37 templater, | 37 templater, |
| 38 ui as uimod, | 38 ui as uimod, |
| 39 util, | 39 util, |
| 40 wireproto, | |
| 40 wireprotoserver, | 41 wireprotoserver, |
| 41 ) | 42 ) |
| 42 | 43 |
| 43 from . import ( | 44 from . import ( |
| 44 webcommands, | 45 webcommands, |
| 45 webutil, | 46 webutil, |
| 46 wsgicgi, | 47 wsgicgi, |
| 47 ) | 48 ) |
| 48 | 49 |
| 49 perms = { | 50 # Aliased for API compatibility. |
| 50 'changegroup': 'pull', | 51 perms = wireproto.permissions |
| 51 'changegroupsubset': 'pull', | |
| 52 'getbundle': 'pull', | |
| 53 'stream_out': 'pull', | |
| 54 'listkeys': 'pull', | |
| 55 'unbundle': 'push', | |
| 56 'pushkey': 'push', | |
| 57 } | |
| 58 | 52 |
| 59 archivespecs = util.sortdict(( | 53 archivespecs = util.sortdict(( |
| 60 ('zip', ('application/zip', 'zip', '.zip', None)), | 54 ('zip', ('application/zip', 'zip', '.zip', None)), |
| 61 ('gz', ('application/x-gzip', 'tgz', '.tar.gz', None)), | 55 ('gz', ('application/x-gzip', 'tgz', '.tar.gz', None)), |
| 62 ('bz2', ('application/x-bzip2', 'tbz2', '.tar.bz2', None)), | 56 ('bz2', ('application/x-bzip2', 'tbz2', '.tar.bz2', None)), |
| 365 if protohandler: | 359 if protohandler: |
| 366 cmd = protohandler['cmd'] | 360 cmd = protohandler['cmd'] |
| 367 try: | 361 try: |
| 368 if query: | 362 if query: |
| 369 raise ErrorResponse(HTTP_NOT_FOUND) | 363 raise ErrorResponse(HTTP_NOT_FOUND) |
| 370 if cmd in perms: | 364 |
| 371 self.check_perm(rctx, req, perms[cmd]) | 365 # TODO fold this into parsehttprequest |
| 366 req.checkperm = lambda op: self.check_perm(rctx, req, op) | |
| 367 protohandler['proto'].checkperm = req.checkperm | |
| 368 | |
| 369 # Assume commands with no defined permissions are writes / | |
| 370 # for pushes. This is the safest from a security perspective | |
| 371 # because it doesn't allow commands with undefined semantics | |
| 372 # from bypassing permissions checks. | |
| 373 req.checkperm(perms.get(cmd, 'push')) | |
| 374 | |
| 375 return protohandler['dispatch']() | |
| 372 except ErrorResponse as inst: | 376 except ErrorResponse as inst: |
| 373 return protohandler['handleerror'](inst) | 377 return protohandler['handleerror'](inst) |
| 374 | |
| 375 return protohandler['dispatch']() | |
| 376 | 378 |
| 377 # translate user-visible url structure to internal structure | 379 # translate user-visible url structure to internal structure |
| 378 | 380 |
| 379 args = query.split('/', 2) | 381 args = query.split('/', 2) |
| 380 if 'cmd' not in req.form and args and args[0]: | 382 if 'cmd' not in req.form and args and args[0]: |