Patchwork [2,of,2,V3] hgweb: respond HTTP_NOT_FOUND when an archive request does not match any files

login
register
mail settings
Submitter Angel Ezquerra
Date April 13, 2013, 7:45 p.m.
Message ID <006cff2401160874ce40.1365882319@Angel-PC.localdomain>
Download mbox | patch
Permalink /patch/1295/
State Accepted
Commit 7d2a7f8e9da45a0bbd6d07b8156349278b8a7bcf
Headers show

Comments

Angel Ezquerra - April 13, 2013, 7:45 p.m.
# HG changeset patch
# User Angel Ezquerra <angel.ezquerra@gmail.com>
# Date 1363904857 -3600
#      Thu Mar 21 23:27:37 2013 +0100
# Node ID 006cff2401160874ce4086da6c45fa0d85650204
# Parent  47797f2b57b3e4e4512b3c637d3082a6f7c6dee4
hgweb: respond HTTP_NOT_FOUND when an archive request does not match any files
Matt Mackall - April 15, 2013, 10:53 p.m.
On Sat, 2013-04-13 at 21:45 +0200, Angel Ezquerra wrote:
> # HG changeset patch
> # User Angel Ezquerra <angel.ezquerra@gmail.com>
> # Date 1363904857 -3600
> #      Thu Mar 21 23:27:37 2013 +0100
> # Node ID 006cff2401160874ce4086da6c45fa0d85650204
> # Parent  47797f2b57b3e4e4512b3c637d3082a6f7c6dee4
> hgweb: respond HTTP_NOT_FOUND when an archive request does not match any files

These are queued for default, thanks.

Patch

diff --git a/mercurial/hgweb/webcommands.py b/mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py
+++ b/mercurial/hgweb/webcommands.py
@@ -819,15 +819,16 @@ 
 
     ctx = webutil.changectx(web.repo, req)
     pats = []
+    matchfn = None
     file = req.form.get('file', None)
     if file:
-        file = file[0]
-        patandfile = file.split(':')
-        if len(patandfile) > 1 and patandfile[0].lower() in ('glob', 'relglob',
-                'path', 'relpath', 're', 'relre', 'set'):
-            msg = 'Archive pattern not allowed: %s' % file
-            raise ErrorResponse(HTTP_FORBIDDEN, msg)
-        pats = ['path:' + file]
+        pats = ['path:' + file[0]]
+        matchfn = scmutil.match(ctx, pats, default='path')
+        if pats:
+            files = [f for f in ctx.manifest().keys() if matchfn(f)]
+            if not files:
+                raise ErrorResponse(HTTP_NOT_FOUND,
+                    'file(s) not found: %s' % file[0])
 
     mimetype, artype, extension, encoding = web.archive_specs[type_]
     headers = [
@@ -838,7 +839,6 @@ 
     req.headers.extend(headers)
     req.respond(HTTP_OK, mimetype)
 
-    matchfn = scmutil.match(ctx, pats, default='path')
     archival.archive(web.repo, req, cnode, artype, prefix=name,
                      matchfn=matchfn,
                      subrepos=web.configbool("web", "archivesubrepos"))
diff --git a/tests/test-archive.t b/tests/test-archive.t
--- a/tests/test-archive.t
+++ b/tests/test-archive.t
@@ -108,10 +108,15 @@ 
   $ python getarchive.py "$TIP" gz foo | gunzip | tar tf - 2>/dev/null
   test-archive-2c0277f05ed4/foo
 
+test that we detect file patterns that match no files
+
+  $ python getarchive.py "$TIP" gz foobar
+  HTTP Error 404: file(s) not found: foobar
+
 test that we reject unsafe patterns
 
   $ python getarchive.py "$TIP" gz relre:baz
-  HTTP Error 403: Archive pattern not allowed: relre:baz
+  HTTP Error 404: file(s) not found: relre:baz
 
   $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS