Mercurial > hg > mercurial-crew-with-dirclash
comparison mercurial/hgweb/hgweb_mod.py @ 3381:80721b86a448
hgweb: fix path cleaning
| author | Benoit Boissinot <benoit.boissinot@ens-lyon.org> |
|---|---|
| date | Fri, 13 Oct 2006 16:34:58 +0200 |
| parents | ce8f31e0b3b8 |
| children | defadc26e674 |
comparison
equal
deleted
inserted
replaced
| 3380:bb9852b3bf06 | 3381:80721b86a448 |
|---|---|
| 582 # add tags to things | 582 # add tags to things |
| 583 # tags -> list of changesets corresponding to tags | 583 # tags -> list of changesets corresponding to tags |
| 584 # find tag, changeset, file | 584 # find tag, changeset, file |
| 585 | 585 |
| 586 def cleanpath(self, path): | 586 def cleanpath(self, path): |
| 587 p = util.normpath(path) | 587 return util.canonpath(self.repo.root, '', path) |
| 588 if p[:2] == "..": | |
| 589 raise Exception("suspicious path") | |
| 590 return p | |
| 591 | 588 |
| 592 def run(self): | 589 def run(self): |
| 593 if not os.environ.get('GATEWAY_INTERFACE', '').startswith("CGI/1."): | 590 if not os.environ.get('GATEWAY_INTERFACE', '').startswith("CGI/1."): |
| 594 raise RuntimeError("This function is only intended to be called while running as a CGI script.") | 591 raise RuntimeError("This function is only intended to be called while running as a CGI script.") |
| 595 import mercurial.hgweb.wsgicgi as wsgicgi | 592 import mercurial.hgweb.wsgicgi as wsgicgi |