| Submitter | Alexander Plavin |
|---|---|
| Date | Sept. 4, 2013, 7:13 p.m. |
| Message ID | <3d9f8ae79b18dbe0b231.1378321988@debian-alexander.dolgopa> |
| Download | mbox | patch |
| Permalink | /patch/2328/ |
| State | Changes Requested |
| Delegated to: | Kevin Bullock |
| Headers | show |
Comments
On Wed, Sep 04, 2013 at 11:13:08PM +0400, Alexander Plavin wrote: > # HG changeset patch > # User Alexander Plavin <alexander@plav.in> > # Date 1376651054 -14400 > # Fri Aug 16 15:04:14 2013 +0400 > # Node ID 3d9f8ae79b18dbe0b231c0837c416ce6158c3922 > # Parent 939c1b6f7e443f32b801f5e6b85da790fdc5324e > hgweb, config: make search restrictions configurable with web.restrictsearch Series looks reasonable, but would like Kevin to look at it too. > > Add boolean config option to allow disabling all search restrictions. > > diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/help/config.txt > --- a/mercurial/help/config.txt Sat Jul 20 01:32:38 2013 +0400 > +++ b/mercurial/help/config.txt Fri Aug 16 15:04:14 2013 +0400 > @@ -1461,6 +1461,10 @@ > Whether to require that inbound pushes be transported over SSL to > prevent password sniffing. Default is True. > > +``restrictsearch`` > + Whether to restrict usage of regular expressions and > + heavyweight revset functions in search. Default is True. > + > ``staticurl`` > Base URL to use for static files. If unset, static files (e.g. the > hgicon.png favicon) will be served by the CGI script itself. Use > diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/hgweb/webcommands.py > --- a/mercurial/hgweb/webcommands.py Sat Jul 20 01:32:38 2013 +0400 > +++ b/mercurial/hgweb/webcommands.py Fri Aug 16 15:04:14 2013 +0400 > @@ -179,13 +179,14 @@ > # no revset syntax used > return MODE_KEYWORD, query > > - if util.any((token, (value or '')[:3]) == ('string', 're:') > - for token, value, pos in revset.tokenize(revdef)): > - return MODE_KEYWORD, query > + if web.configbool('web', 'restrictsearch', True): > + if util.any((token, (value or '')[:3]) == ('string', 're:') > + for token, value, pos in revset.tokenize(revdef)): > + return MODE_KEYWORD, query > > - funcsused = revset.funcsused(tree) > - if not funcsused.issubset(revset.safesymbols): > - return MODE_KEYWORD, query > + funcsused = revset.funcsused(tree) > + if not funcsused.issubset(revset.safesymbols): > + return MODE_KEYWORD, query > > mfunc = revset.match(None, revdef) > try: > _______________________________________________ > Mercurial-devel mailing list > Mercurial-devel@selenic.com > http://selenic.com/mailman/listinfo/mercurial-devel
Patch
diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/help/config.txt --- a/mercurial/help/config.txt Sat Jul 20 01:32:38 2013 +0400 +++ b/mercurial/help/config.txt Fri Aug 16 15:04:14 2013 +0400 @@ -1461,6 +1461,10 @@ Whether to require that inbound pushes be transported over SSL to prevent password sniffing. Default is True. +``restrictsearch`` + Whether to restrict usage of regular expressions and + heavyweight revset functions in search. Default is True. + ``staticurl`` Base URL to use for static files. If unset, static files (e.g. the hgicon.png favicon) will be served by the CGI script itself. Use diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/hgweb/webcommands.py --- a/mercurial/hgweb/webcommands.py Sat Jul 20 01:32:38 2013 +0400 +++ b/mercurial/hgweb/webcommands.py Fri Aug 16 15:04:14 2013 +0400 @@ -179,13 +179,14 @@ # no revset syntax used return MODE_KEYWORD, query - if util.any((token, (value or '')[:3]) == ('string', 're:') - for token, value, pos in revset.tokenize(revdef)): - return MODE_KEYWORD, query + if web.configbool('web', 'restrictsearch', True): + if util.any((token, (value or '')[:3]) == ('string', 're:') + for token, value, pos in revset.tokenize(revdef)): + return MODE_KEYWORD, query - funcsused = revset.funcsused(tree) - if not funcsused.issubset(revset.safesymbols): - return MODE_KEYWORD, query + funcsused = revset.funcsused(tree) + if not funcsused.issubset(revset.safesymbols): + return MODE_KEYWORD, query mfunc = revset.match(None, revdef) try: