Mercurial > public > mercurial-scm > hg
comparison mercurial/ui.py @ 35170:c9740b69b9b7 stable
dispatch: add HGPLAIN=+strictflags to restrict early parsing of global options
If this feature is enabled, early options are parsed using the global options
table. As the parser stops processing options when non/unknown option is
encountered, it won't mistakenly take an option value as a new early option.
Still "--" can be injected to terminate the parsing (e.g. "hg -R -- log"), I
think it's unlikely to lead to an RCE.
To minimize a risk of this change, new fancyopts.earlygetopt() path is enabled
only when +strictflags is set. Also the strict parser doesn't support '--repo',
a short for '--repository' yet. This limitation will be removed later.
As this feature is backward incompatible, I decided to add a new opt-in
mechanism to HGPLAIN. I'm not pretty sure if this is the right choice, but
I'm thinking of adding +feature/-feature syntax to HGPLAIN. Alternatively,
we could add a new environment variable. Any bikeshedding is welcome.
Note that HGPLAIN=+strictflags doesn't work correctly in chg session since
command arguments are pre-processed in C. This wouldn't be easily fixed.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Thu, 23 Nov 2017 22:17:03 +0900 |
| parents | ff2110eadbfa |
| children | aef2b98d9352 |
comparison
equal
deleted
inserted
replaced
| 35169:898c6f812a51 | 35170:c9740b69b9b7 |
|---|---|
| 759 The only way to trigger plain mode is by setting either the | 759 The only way to trigger plain mode is by setting either the |
| 760 `HGPLAIN' or `HGPLAINEXCEPT' environment variables. | 760 `HGPLAIN' or `HGPLAINEXCEPT' environment variables. |
| 761 | 761 |
| 762 The return value can either be | 762 The return value can either be |
| 763 - False if HGPLAIN is not set, or feature is in HGPLAINEXCEPT | 763 - False if HGPLAIN is not set, or feature is in HGPLAINEXCEPT |
| 764 - False if feature is disabled by default and not included in HGPLAIN | |
| 764 - True otherwise | 765 - True otherwise |
| 765 ''' | 766 ''' |
| 766 if ('HGPLAIN' not in encoding.environ and | 767 if ('HGPLAIN' not in encoding.environ and |
| 767 'HGPLAINEXCEPT' not in encoding.environ): | 768 'HGPLAINEXCEPT' not in encoding.environ): |
| 768 return False | 769 return False |
| 769 exceptions = encoding.environ.get('HGPLAINEXCEPT', | 770 exceptions = encoding.environ.get('HGPLAINEXCEPT', |
| 770 '').strip().split(',') | 771 '').strip().split(',') |
| 772 # TODO: add support for HGPLAIN=+feature,-feature syntax | |
| 773 if '+strictflags' not in encoding.environ.get('HGPLAIN', '').split(','): | |
| 774 exceptions.append('strictflags') | |
| 771 if feature and exceptions: | 775 if feature and exceptions: |
| 772 return feature not in exceptions | 776 return feature not in exceptions |
| 773 return True | 777 return True |
| 774 | 778 |
| 775 def username(self, acceptempty=False): | 779 def username(self, acceptempty=False): |