Mercurial > hg > mercurial-crew-with-dirclash
view tests/test-trusted.py.out @ 3541:881064004fd0
use untrusted settings in hgweb
The only exceptions are web.static and web.templates, since they can
be used to get any file that is readable by the user running the CGI
script.
Other options can be (ab)used to increase the use of the cpu
(allow_bz2) or of the bandwidth (server.uncompressed), but they're
trusted anyway.
| author | Alexis S. L. Carvalho <alexis@cecm.usp.br> |
|---|---|
| date | Thu, 26 Oct 2006 19:25:45 +0200 |
| parents | 9b52239dc740 |
| children |
line wrap: on
line source
# same user, same group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # same user, different group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # different user, same group Not trusting file .hg/hgrc from untrusted user abc, group bar trusted global = /some/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # different user, same group, but we trust the group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # different user, different group Not trusting file .hg/hgrc from untrusted user abc, group def trusted global = /some/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # different user, different group, but we trust the user trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # different user, different group, but we trust the group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # different user, different group, but we trust the user and the group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # we trust all users # different user, different group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # we trust all groups # different user, different group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # we trust all users and groups # different user, different group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # we don't get confused by users and groups with the same name # different user, different group Not trusting file .hg/hgrc from untrusted user abc, group def trusted global = /some/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # list of user names # different user, different group, but we trust the user trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # list of group names # different user, different group, but we trust the group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # Can't figure out the name of the user running this process # different user, different group trusted global = /some/path interpolated = /some/path/another/path local = /another/path untrusted . . global = /some/path . . interpolated = /some/path/another/path . . local = /another/path # prints debug warnings # different user, different group Not trusting file .hg/hgrc from untrusted user abc, group def trusted Ignoring untrusted configuration option paths.interpolated = /some/path/another/path Ignoring untrusted configuration option paths.local = /another/path global = /some/path untrusted . . global = /some/path .Ignoring untrusted configuration option paths.interpolated = /some/path/another/path . interpolated = /some/path/another/path .Ignoring untrusted configuration option paths.local = /another/path . local = /another/path # ui.readsections quux # read trusted, untrusted, new ui, trusted Not trusting file foobar from untrusted user abc, group def trusted: Ignoring untrusted configuration option foobar.baz = quux None /some/path/another/path untrusted: quux /some/path/another/path # error handling # file doesn't exist # same user, same group # different user, different group # parse error # different user, different group Not trusting file .hg/hgrc from untrusted user abc, group def Ignored: Failed to parse .hg/hgrc File contains no section headers. file: .hg/hgrc, line: 1 'foo = bar' # same user, same group raised Abort # interpolation error # same user, same group # regular config: trusted raised Abort untrusted raised Abort # different user, different group Not trusting file .hg/hgrc from untrusted user abc, group def trusted Ignored: Error in configuration section [foo] parameter 'bar': bad interpolation variable reference '%(' None untrusted raised Abort # configitems: trusted Ignored: Error in configuration section [foo]: bad interpolation variable reference '%(' [] untrusted raised Abort