equal
deleted
inserted
replaced
157 self.repo = r |
157 self.repo = r |
158 hook.redirect(True) |
158 hook.redirect(True) |
159 self.repostate = ((-1, -1), (-1, -1)) |
159 self.repostate = ((-1, -1), (-1, -1)) |
160 self.mtime = -1 |
160 self.mtime = -1 |
161 self.reponame = name |
161 self.reponame = name |
162 # a repo owner may set web.templates in .hg/hgrc to get any file |
162 # we use untrusted=False to prevent a repo owner from using |
163 # readable by the user running the CGI script |
163 # web.templates in .hg/hgrc to get access to any file readable |
164 self.templatepath = self.config('web', 'templates') |
164 # by the user running the CGI script |
|
165 self.templatepath = self.config('web', 'templates', untrusted=False) |
165 self.websubtable = self.loadwebsub() |
166 self.websubtable = self.loadwebsub() |
166 |
167 |
167 # The CGI scripts are often run by a user different from the repo owner. |
168 # The CGI scripts are often run by a user different from the repo owner. |
168 # Trust the settings from the .hg/hgrc files by default. |
169 # Trust the settings from the .hg/hgrc files by default. |
169 def config(self, section, name, default=None, untrusted=True): |
170 def config(self, section, name, default=None, untrusted=True): |