sapling/mercurial/hgweb
Gregory Szorc 64e2de02bd hgweb: extract path traversal checking into standalone function
A common exploit in web applications that access paths is to insert
path separator strings like ".." to try to get the server to serve up
files it shouldn't.

We have code for detecting this in staticfile(). A subsequent commit
will need to perform this test as well. Since this is security code,
let's factor the check so we don't have to reinvent the wheel.
2017-03-31 21:47:26 -07:00
__init__.py server: move service factory from hgweb 2016-10-15 14:09:36 +09:00
common.py hgweb: extract path traversal checking into standalone function 2017-03-31 21:47:26 -07:00
hgweb_mod.py hgweb: support Content Security Policy 2017-01-10 23:37:08 -08:00
hgwebdir_mod.py hgwebdir: add support for explicit index files 2017-03-05 22:22:32 -05:00
protocol.py protocol: send application/mercurial-0.2 responses to capable clients 2016-12-24 15:29:32 -07:00
request.py hgweb: use absolute_import 2015-10-31 22:07:40 +09:00
server.py py3: replace os.name with pycompat.osname (part 1 of 2) 2016-12-19 00:16:52 +05:30
webcommands.py hgweb: prefix line id by ctx shortnode in filelog when patches are shown 2017-03-30 21:40:10 +02:00
webutil.py hgweb: prefix line id by ctx shortnode in filelog when patches are shown 2017-03-30 21:40:10 +02:00
wsgicgi.py py3: replace os.environ with encoding.environ (part 3 of 5) 2016-12-18 01:54:36 +05:30