Mercurial > hg > mercurial-crew-with-dirclash

diff mercurial/util.py @ 1835:bdfb524d728a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Validate paths before reading or writing files in repository or working dir. Fixes security relevant issue134.
author Thomas Arendsen Hein <thomas@intevation.de>
date Sat, 04 Mar 2006 19:01:45 +0100
parents 4ced57680ce7
children d314a89fa4f1
line wrap: on
line diff
--- a/mercurial/util.py
+++ b/mercurial/util.py
@@ -363,7 +363,14 @@ def copyfiles(src, dst, hardlink=None):
         else:
             shutil.copy(src, dst)
 
-def opener(base):
+def audit_path(path):
+    """Abort if path contains dangerous components"""
+    parts = os.path.normcase(path).split(os.sep)
+    if (os.path.splitdrive(path)[0] or parts[0] in ('.hg', '')
+        or os.pardir in parts):
+        raise Abort(_("path contains illegal component: %s\n") % path)
+
+def opener(base, audit=True):
     """
     return a function that opens files relative to base
 
@@ -371,6 +378,7 @@ def opener(base):
     remote file access from higher level code.
     """
     p = base
+    audit_p = audit
 
     def mktempcopy(name):
         d, fn = os.path.split(name)
@@ -401,6 +409,8 @@ def opener(base):
             self.close()
 
     def o(path, mode="r", text=False, atomic=False):
+        if audit_p:
+            audit_path(path)
         f = os.path.join(p, path)
 
         if not text: