facebook/sapling
1
1
Fork 0
mirror of https://github.com/facebook/sapling.git synced 2024-10-10 08:47:12 +03:00
Code Issues Projects Releases Wiki Activity
20c415845d
sapling/mercurial
History
Anton Shestakov 20c415845d hgweb: fail if an invalid command was supplied in url path (issue4071) 
Traditionally, the way to specify a command for hgweb was to use url query
arguments (e.g. "?cmd=batch"). If the command is unknown to hgweb, it gives an
error (e.g. "400 no such method: badcmd").

But there's also another way to specify a command: as a url path fragment (e.g.
"/graph"). Before, hgweb was made forgiving (looks like it was made in
cd356f4efd91) and user could put any unknown command in the url. If hgweb
couldn't understand it, it would just silently fall back to the default
command, which depends on the actual style (e.g. for paper it's shortlog, for
monoblue it's summary). This was inconsistent and was breaking some tools that
rely on http status codes (as noted in the issue4071). So this patch changes
that behavior to the more consistent one, i.e. hgweb will now return "400 no
such method: badcmd".

So if some tool was relying on having an invalid command return http status
code 200 and also have some information, then it will stop working. That is, if
somebody typed foobar when they really meant shortlog (and the user was lucky
enough to choose a style where the default command is shortlog too), that fact
will now be revealed.

Code-wise, the changed if block is only relevant when there's no "?cmd" query
parameter (i.e. only when command is specified as a url path fragment), and
looks like the removed else branch was there only for falling back to default
command. With that removed, the rest of the code works as expected: it looks at
the command, and if it's not known, raises a proper ErrorResponse exception
with an appropriate message.

Evidently, there were no tests that required the old behavior. But, frankly, I
don't know any way to tell if anyone actually exploited such forgiving behavior
in some in-house tool.
2014-09-22 23:46:38 +09:00
..
help help: add pad function to template help 2014-08-25 15:10:09 +02:00
hgweb hgweb: fail if an invalid command was supplied in url path (issue4071) 2014-09-22 23:46:38 +09:00
httpclient httpclient: apply upstream revision da7579b034a4 to fix SSL problems (issue4038) 2013-09-18 14:45:28 -04:00
pure parsers: inline fields of dirstate values in C version 2014-05-27 14:27:41 -07:00
templates hgweb: replace excanvas.js with a newer version 2014-04-23 20:23:30 +01:00
__init__.py
ancestor.py ancestors: extract candidates function as commonancestorsheads 2014-04-17 19:49:56 +02:00
archival.py archive: raise error.Abort if the file pattern matches no files 2013-03-21 22:09:15 +01:00
base85.c
bdiff.c bdiff: avoid a memory error on malloc failure 2013-10-30 16:03:42 -05:00
bookmarks.py bookmarks: avoid deleting primary bookmarks on rebase 2014-07-08 14:45:55 -05:00
branchmap.py branchmap: don't use ui.warn for debug message 2014-06-23 13:50:44 -05:00
bundle2.py bundle2: add a `bundle20.nbparts` property 2014-07-02 16:17:54 +02:00
bundlerepo.py incoming: don't request heads that already are common 2014-08-15 03:24:40 +02:00
byterange.py byterange: remove now-unused sys import 2013-02-09 07:44:22 -06:00
changegroup.py changegroup: use tr.hookargs when calling changegroup hooks 2014-04-17 17:46:26 -04:00
changelog.py changelog: ensure changelog._delaybuf is initialized 2014-05-20 13:55:08 -07:00
cmdutil.py import: show the warning message for failure of merging 2014-08-27 23:10:06 +09:00
commands.py help: mention mode in hg log --removed help (issue4381) 2014-09-21 10:31:34 -05:00
commandserver.py cmdserver: forcibly use L channel to read password input (issue3161) 2014-04-26 18:13:06 +09:00
config.py config: use util.re.compile instead of util.compilere 2014-07-15 14:50:58 -07:00
context.py changectx: ancestor should only prefer merge.preferancestor if it is a revision 2014-08-15 02:46:44 +02:00
copies.py copies: guard debug section with ui.debugflag 2014-02-25 20:31:53 +01:00
dagparser.py en-us: labeled 2012-08-17 13:58:18 -07:00
dagutil.py discovery: enforce filtering into revlogbaseddag._internalizeall 2013-11-15 23:27:39 -05:00
demandimport.py demandimport: make it possible to disable by setting HGDEMANDIMPORT=disable 2014-04-08 01:35:13 +02:00
dicthelpers.py dicthelpers.diff: compare against default for missing values 2013-04-10 12:31:07 -07:00
diffhelpers.c
dirs.c parsers: inline fields of dirstate values in C version 2014-05-27 14:27:41 -07:00
dirstate.py dirstate: delay writing out to ensure timestamp of each entries explicitly 2014-07-22 23:59:30 +09:00
discovery.py discovery: prevent crash on unknown remote heads with old repo (issue4337) 2014-08-14 16:26:41 -07:00
dispatch.py dispatch: check shell alias again after loading extensions (issue4355) 2014-09-10 00:41:44 +09:00
encoding.py encoding: add 'leftside' argument into 'trim' to switch trimming side 2014-07-06 02:56:41 +09:00
error.py bundle2: fix raising errors during heads checking 2014-04-21 18:59:09 -07:00
exchange.py bundle2: only use callable return as reply handler 2014-07-02 16:13:48 +02:00
exewrapper.c
extensions.py version: show enabled extensions (issue4209) 2014-06-10 13:44:37 +03:00
fancyopts.py fancyopts: restore use of callable() since it was readded in Python 3.2 2014-06-23 09:24:16 -04:00
filelog.py filelog: use super() for calling base functions 2013-05-01 10:39:37 -07:00
filemerge.py filemerge: use non-minimal conflict marker regions (BC) 2014-07-18 21:49:52 -05:00
fileset.py merge with stable 2014-01-01 18:28:40 -05:00
formatter.py formatter: add condwrite method 2012-11-03 14:37:50 -05:00
graphmod.py graphmod: changed code in dagwalker to use lazy implementations 2014-03-14 08:46:46 -07:00
hbisect.py bisect: report "both good and bad" as such, not as "not directly related" 2013-11-10 18:51:21 +01:00
help.py help: only call doc() when it is callable 2014-08-30 20:06:24 +02:00
hg.py hg: update newly added listdir function of vfs in clone 2014-06-21 14:49:49 +05:30
hook.py hook: restore use of callable() since it was readded in Python 3.2 2014-06-23 09:24:38 -04:00
httpconnection.py httpconnection: properly inject ssl_wrap_socket into httpclient (issue4038) 2013-09-20 09:16:07 -04:00
httppeer.py httppeer: reintroduce _abort that accidentally was removed in fc14a1cf743e 2014-04-23 23:29:55 +02:00
i18n.py i18n: explicitly decode paragraphs 2014-06-12 14:40:45 -05:00
ignore.py ignore: process hgignore files in deterministic order 2012-12-17 15:57:02 -08:00
keepalive.py keepalive: fix how md5 is used 2014-09-24 15:52:40 +09:00
localrepo.py commit: catch changed exec bit on files from p1 (issue4382) 2014-09-21 10:07:06 -05:00
lock.py localrepo: give a sigh of relief when getting lock after waiting for it 2014-02-06 01:55:09 +01:00
lsprof.py profiling: replace '+' markup of nested lines with indentation 2013-02-08 22:54:48 +01:00
lsprofcalltree.py
mail.py python2.4: fix imports of sub-packages of the email package 2013-09-24 15:10:32 -04:00
manifest.py manifestdict: add a new method to intersect with a set of files 2014-07-12 17:57:25 -07:00
match.py match: use util.re.escape instead of re.escape 2014-07-15 15:34:50 -07:00
mdiff.py diff: add nobinary config to suppress git-style binary diffs 2014-06-21 15:56:49 +10:00
merge.py merge: show the scary multiple ancestor hint for merges only, not for updates 2014-08-15 02:39:01 +02:00
minirst.py minirst: explicitly decode substitutions 2014-06-13 14:14:02 -05:00
mpatch.c mpatch: rewrite pointer overflow checks 2013-12-11 18:33:42 -06:00
node.py
obsolete.py obsstore.create: add a simple safeguard against cyclic markers 2014-08-14 14:59:42 -07:00
osutil.c osutil: tab damage, how i hate thee 2012-12-03 13:17:01 -08:00
parser.py parser: allow passing a lookup function to a tokenizer 2014-03-18 17:17:23 -05:00
parsers.c parsers: remove unused getintat function 2014-07-14 15:42:31 -07:00
patch.py diff: add nobinary config to suppress git-style binary diffs 2014-06-21 15:56:49 +10:00
pathencode.c pathencode: eliminate signed integer warnings 2014-02-19 13:11:24 -08:00
pathutil.py subrepo: normalize path in the specific way for problematic encodings 2014-05-08 19:03:00 +09:00
peer.py
phases.py phases: make order of debug output 'removing unknown node' deterministic 2014-02-20 02:43:17 +01:00
posix.py util: remove unused realpath (issue4063) 2013-12-29 13:54:04 +00:00
pushkey.py pushkey: add an `encode` function 2014-05-29 15:22:58 -07:00
pvec.py pvec: use the correct name for an identifier 2013-04-12 17:20:09 -07:00
py3kcompat.py py3kcompat: drop unused export 2014-05-13 15:22:36 -05:00
repair.py bundle2: add a ui argument to readbundle 2014-04-14 15:45:30 -04:00
repoview.py repoview: fix typo in repoview.changelog 2014-08-31 19:43:03 +09:00
revlog.py revlog: fix check-code error 2014-06-14 11:49:02 -05:00
revset.py revset: add an optimised baseset.__contains__ (issue4371) 2014-09-16 23:59:29 -07:00
scmposix.py scmutil: split platform-specific bits into their own modules 2013-02-12 11:36:21 -06:00
scmutil.py vfs: add listdir for os.listdir in vfs 2014-06-20 21:18:14 +05:30
scmwindows.py scmutil: fix NameError on windows 2013-02-21 13:16:02 -06:00
setdiscovery.py setdiscovery: document algorithms used 2014-03-06 12:37:28 +01:00
similar.py
simplemerge.py merge: prevent simplemerge from mutating label list 2014-05-08 16:33:06 -07:00
sshpeer.py sshpeer: add implementation of _calltwowaystream 2014-04-15 17:18:35 -04:00
sshserver.py localrepo: move the addchangegroup method in changegroup module 2014-04-01 15:27:53 -07:00
sslutil.py sslutil: backed out changeset 2cb59fd7ebb6 (issue4038) 2013-09-18 14:40:17 -04:00
statichttprepo.py statichttp: respect localrepo _restrictcapabilities 2014-04-07 11:45:50 -07:00
store.py store: drop unused existing list 2014-04-03 12:59:12 -05:00
strutil.py
subrepo.py subrepo: ensure "close()" execution at the end of "_initrepo()" 2014-06-20 00:42:35 +09:00
tagmerge.py filemerge: add internal:tagmerge merge tool 2014-06-26 01:20:25 +02:00
tags.py tags: introduce _readtaghist function 2014-06-28 01:42:39 +02:00
templatefilters.py merge with stable 2014-07-14 18:53:03 -05:00
templatekw.py templatekw: add 'subrepos' keyword to show updated subrepositories 2014-07-15 23:34:13 +09:00
templater.py templater: add i18n comments to error messages of newly added functions 2014-08-01 02:14:24 +09:00
transaction.py transaction: fix file descriptor leak for journal.backupfiles 2014-04-30 15:36:38 -07:00
treediscovery.py discovery: stop using nodemap for membership testing 2013-11-15 23:28:43 -05:00
ui.py config: allow 'user' in .hgrc ui section (issue3169) 2014-07-26 09:27:11 +03:00
unionrepo.py config: set a 'source' in most cases where config don't come from file but code 2014-03-19 02:45:14 +01:00
url.py proxy: remove unneeded _set_hostport for compatibility with Python 2.7.7rc1 2014-05-22 22:05:26 +09:00
util.h util.h: declare dirstateTupleType variable instead of defining it 2014-07-03 19:05:04 +02:00
util.py util.re: add an escape method 2014-07-15 15:14:45 -07:00
verify.py verify: do not prevent verify repository containing hidden changesets 2014-02-19 22:19:45 +09:00
win32.py win32: backout 6891e5c66508 2014-05-03 10:33:54 +02:00
windows.py util: remove unused realpath (issue4063) 2013-12-29 13:54:04 +00:00
wireproto.py wireproto: expose the list of getbundle arguments to extensions 2014-05-22 01:49:12 -07:00
worker.py cleanup: move stdlib imports to their own import statement 2013-11-06 16:48:06 -05:00