mirror of
https://github.com/facebook/sapling.git
synced 2024-10-08 07:49:11 +03:00
hgweb: deny cloning a subpath of a repo
This commit is contained in:
parent
067d110f29
commit
a082a7dc75
@ -82,28 +82,6 @@ class hgweb(object):
|
||||
|
||||
self.refresh()
|
||||
|
||||
# process this if it's a protocol request
|
||||
# protocol bits don't need to create any URLs
|
||||
# and the clients always use the old URL structure
|
||||
|
||||
cmd = req.form.get('cmd', [''])[0]
|
||||
if cmd and cmd in protocol.__all__:
|
||||
try:
|
||||
if cmd in perms:
|
||||
try:
|
||||
self.check_perm(req, perms[cmd])
|
||||
except ErrorResponse, inst:
|
||||
if cmd == 'unbundle':
|
||||
req.drain()
|
||||
raise
|
||||
method = getattr(protocol, cmd)
|
||||
return method(self.repo, req)
|
||||
except ErrorResponse, inst:
|
||||
req.respond(inst, protocol.HGTYPE)
|
||||
if not inst.message:
|
||||
return []
|
||||
return '0\n%s\n' % inst.message,
|
||||
|
||||
# work with CGI variables to create coherent structure
|
||||
# use SCRIPT_NAME, PATH_INFO and QUERY_STRING as well as our REPO_NAME
|
||||
|
||||
@ -123,6 +101,30 @@ class hgweb(object):
|
||||
query = req.env['QUERY_STRING'].split('&', 1)[0]
|
||||
query = query.split(';', 1)[0]
|
||||
|
||||
# process this if it's a protocol request
|
||||
# protocol bits don't need to create any URLs
|
||||
# and the clients always use the old URL structure
|
||||
|
||||
cmd = req.form.get('cmd', [''])[0]
|
||||
if cmd and cmd in protocol.__all__:
|
||||
if query:
|
||||
raise ErrorResponse(HTTP_NOT_FOUND)
|
||||
try:
|
||||
if cmd in perms:
|
||||
try:
|
||||
self.check_perm(req, perms[cmd])
|
||||
except ErrorResponse, inst:
|
||||
if cmd == 'unbundle':
|
||||
req.drain()
|
||||
raise
|
||||
method = getattr(protocol, cmd)
|
||||
return method(self.repo, req)
|
||||
except ErrorResponse, inst:
|
||||
req.respond(inst, protocol.HGTYPE)
|
||||
if not inst.message:
|
||||
return []
|
||||
return '0\n%s\n' % inst.message,
|
||||
|
||||
# translate user-visible url structure to internal structure
|
||||
|
||||
args = query.split('/', 2)
|
||||
|
Loading…
Reference in New Issue
Block a user