comparison mercurial/hgweb.py @ 1646:8e9c203946ae

Clean up paths passed to hgweb (spotted by Peter van Dijk)
author Matt Mackall <mpm@selenic.com>
date Sun, 29 Jan 2006 09:10:13 +1300
parents 3b1b44b917f4
children beb7da710c8a
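--- a/mercurial/hgweb.py
+++ b/mercurial/hgweb.py
@@ -799,10 +799,16 @@
 # add tags to things
 # tags -> list of changesets corresponding to tags
 # find tag, changeset, file
 
 def run(self, req=hgrequest()):
+def clean(path):
+p = os.path.normpath(path)
+if p[:2] == "..":
+raise "suspicious path"
+return p
+
 def header(**map):
 yield self.t("header", **map)
 
 def footer(**map):
 yield self.t("footer", **map)
@@ -879,29 +885,34 @@
 
 elif req.form['cmd'][0] == 'changeset':
 req.write(self.changeset(req.form['node'][0]))
 
 elif req.form['cmd'][0] == 'manifest':
-req.write(self.manifest(req.form['manifest'][0], req.form['path'][0]))
+req.write(self.manifest(req.form['manifest'][0],
+clean(req.form['path'][0])))
 
 elif req.form['cmd'][0] == 'tags':
 req.write(self.tags())
 
 elif req.form['cmd'][0] == 'summary':
 req.write(self.summary())
 
 elif req.form['cmd'][0] == 'filediff':
-req.write(self.filediff(req.form['file'][0], req.form['node'][0]))
+req.write(self.filediff(clean(req.form['file'][0]),
+req.form['node'][0]))
 
 elif req.form['cmd'][0] == 'file':
-req.write(self.filerevision(req.form['file'][0], req.form['filenode'][0]))
+req.write(self.filerevision(clean(req.form['file'][0]),
+req.form['filenode'][0]))
 
 elif req.form['cmd'][0] == 'annotate':
-req.write(self.fileannotate(req.form['file'][0], req.form['filenode'][0]))
+req.write(self.fileannotate(clean(req.form['file'][0]),
+req.form['filenode'][0]))
 
 elif req.form['cmd'][0] == 'filelog':
-req.write(self.filelog(req.form['file'][0], req.form['filenode'][0]))
+req.write(self.filelog(clean(req.form['file'][0]),
+req.form['filenode'][0]))
 
 elif req.form['cmd'][0] == 'heads':
 req.httphdr("application/mercurial-0.1")
 h = self.repo.heads()
 req.write(" ".join(map(hex, h)) + "\n")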
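Review bot: `clean()` in the first hunk rejects only a normalized path whose first two characters are `..`, so an absolute path is returned unchanged, while a legitimate repository file whose name merely begins with two dots is refused. If the handlers later join the result onto a repository directory (not visible here; `run()` continues beyond these hunks), an absolute value would replace the base instead of staying under it, so the guard should read `if os.path.isabs(p) or p == os.pardir or p.startswith(os.pardir + os.sep):`. Raising the bare string `"suspicious path"` also gives callers nothing to catch by type; a dedicated exception class would let the request handler turn a rejected path into a clean error response, though how the caller reports it is not shown in these hunks.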