Mercurial > public > mercurial-scm > hg

comparison mercurial/wireprotoserver.py @ 36810:886fba199022

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hgweb: only recognize wire protocol commands from query string (BC) Previously, we attempted to parse the wire protocol command from `req.form`. Data could have come from the query string or POST form data. The wire protocol states that the command must be declared in the query string. And AFAICT all Mercurial releases from at least 1.0 send the command in the query string. So let's actual require this behavior. This is technically BC. But I'm not sure how anyone in the wild would encounter this. POST has historically been used for sending bundle data. So there's no opportunity to encode arguments there. And the experimental HTTP POST args also takes over the body. So the only way someone would be impacted by this is if they wrote a custom client that both used POST for everything and sent arguments via the HTTP body. I don't believe such a client exists. .. bc:: The HTTP wire protocol server no longer accepts the ``cmd`` argument to control which command to run via HTTP POST bodies. The ``cmd`` argument must be specified on the URL query string. Differential Revision: https://phab.mercurial-scm.org/D2738
author Gregory Szorc <gregory.szorc@gmail.com>
date Thu, 08 Mar 2018 11:33:33 -0800
parents b9b968e21f78
children 158d4ecc03c8
comparison
equal deleted inserted replaced
36809:3c15b84ab66c 36810:886fba199022
148 # there are no other known users, so with any luck we can discard this 148 # there are no other known users, so with any luck we can discard this
149 # hook if remotefilelog becomes a first-party extension. 149 # hook if remotefilelog becomes a first-party extension.
150 def iscmd(cmd): 150 def iscmd(cmd):
151 return cmd in wireproto.commands 151 return cmd in wireproto.commands
152 152
153 def parsehttprequest(rctx, wsgireq, query, checkperm): 153 def parsehttprequest(rctx, wsgireq, req, checkperm):
154 """Parse the HTTP request for a wire protocol request. 154 """Parse the HTTP request for a wire protocol request.
155 155
156 If the current request appears to be a wire protocol request, this 156 If the current request appears to be a wire protocol request, this
157 function returns a dict with details about that request, including 157 function returns a dict with details about that request, including
158 an ``abstractprotocolserver`` instance suitable for handling the 158 an ``abstractprotocolserver`` instance suitable for handling the
159 request. Otherwise, ``None`` is returned. 159 request. Otherwise, ``None`` is returned.
160 160
161 ``wsgireq`` is a ``wsgirequest`` instance. 161 ``wsgireq`` is a ``wsgirequest`` instance.
162 ``req`` is a ``parsedrequest`` instance.
162 """ 163 """
163 repo = rctx.repo 164 repo = rctx.repo
164 165
165 # HTTP version 1 wire protocol requests are denoted by a "cmd" query 166 # HTTP version 1 wire protocol requests are denoted by a "cmd" query
166 # string parameter. If it isn't present, this isn't a wire protocol 167 # string parameter. If it isn't present, this isn't a wire protocol
167 # request. 168 # request.
168 if 'cmd' not in wsgireq.form: 169 if 'cmd' not in req.querystringdict:
169 return None 170 return None
170 171
171 cmd = wsgireq.form['cmd'][0] 172 cmd = req.querystringdict['cmd'][0]
172 173
173 # The "cmd" request parameter is used by both the wire protocol and hgweb. 174 # The "cmd" request parameter is used by both the wire protocol and hgweb.
174 # While not all wire protocol commands are available for all transports, 175 # While not all wire protocol commands are available for all transports,
175 # if we see a "cmd" value that resembles a known wire protocol command, we 176 # if we see a "cmd" value that resembles a known wire protocol command, we
176 # route it to a protocol handler. This is better than routing possible 177 # route it to a protocol handler. This is better than routing possible