Patchwork [5,of,5,V4] hgweb, config: make search restrictions configurable with web.restrictsearch

login
register
mail settings
Submitter Alexander Plavin
Date Sept. 4, 2013, 7:13 p.m.
Message ID <3d9f8ae79b18dbe0b231.1378321988@debian-alexander.dolgopa>
Download mbox | patch
Permalink /patch/2328/
State Changes Requested
Delegated to: Kevin Bullock
Headers show

Comments

Alexander Plavin - Sept. 4, 2013, 7:13 p.m.
# HG changeset patch
# User Alexander Plavin <alexander@plav.in>
# Date 1376651054 -14400
#      Fri Aug 16 15:04:14 2013 +0400
# Node ID 3d9f8ae79b18dbe0b231c0837c416ce6158c3922
# Parent  939c1b6f7e443f32b801f5e6b85da790fdc5324e
hgweb, config: make search restrictions configurable with web.restrictsearch

Add boolean config option to allow disabling all search restrictions.
Augie Fackler - Sept. 5, 2013, 3:55 p.m.
On Wed, Sep 04, 2013 at 11:13:08PM +0400, Alexander Plavin wrote:
> # HG changeset patch
> # User Alexander Plavin <alexander@plav.in>
> # Date 1376651054 -14400
> #      Fri Aug 16 15:04:14 2013 +0400
> # Node ID 3d9f8ae79b18dbe0b231c0837c416ce6158c3922
> # Parent  939c1b6f7e443f32b801f5e6b85da790fdc5324e
> hgweb, config: make search restrictions configurable with web.restrictsearch

Series looks reasonable, but would like Kevin to look at it too.

>
> Add boolean config option to allow disabling all search restrictions.
>
> diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/help/config.txt
> --- a/mercurial/help/config.txt	Sat Jul 20 01:32:38 2013 +0400
> +++ b/mercurial/help/config.txt	Fri Aug 16 15:04:14 2013 +0400
> @@ -1461,6 +1461,10 @@
>      Whether to require that inbound pushes be transported over SSL to
>      prevent password sniffing. Default is True.
>
> +``restrictsearch``
> +    Whether to restrict usage of regular expressions and
> +    heavyweight revset functions in search. Default is True.
> +
>  ``staticurl``
>      Base URL to use for static files. If unset, static files (e.g. the
>      hgicon.png favicon) will be served by the CGI script itself. Use
> diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/hgweb/webcommands.py
> --- a/mercurial/hgweb/webcommands.py	Sat Jul 20 01:32:38 2013 +0400
> +++ b/mercurial/hgweb/webcommands.py	Fri Aug 16 15:04:14 2013 +0400
> @@ -179,13 +179,14 @@
>              # no revset syntax used
>              return MODE_KEYWORD, query
>
> -        if util.any((token, (value or '')[:3]) == ('string', 're:')
> -                    for token, value, pos in revset.tokenize(revdef)):
> -            return MODE_KEYWORD, query
> +        if web.configbool('web', 'restrictsearch', True):
> +            if util.any((token, (value or '')[:3]) == ('string', 're:')
> +                        for token, value, pos in revset.tokenize(revdef)):
> +                return MODE_KEYWORD, query
>
> -        funcsused = revset.funcsused(tree)
> -        if not funcsused.issubset(revset.safesymbols):
> -            return MODE_KEYWORD, query
> +            funcsused = revset.funcsused(tree)
> +            if not funcsused.issubset(revset.safesymbols):
> +                return MODE_KEYWORD, query
>
>          mfunc = revset.match(None, revdef)
>          try:
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel@selenic.com
> http://selenic.com/mailman/listinfo/mercurial-devel

Patch

diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/help/config.txt
--- a/mercurial/help/config.txt	Sat Jul 20 01:32:38 2013 +0400
+++ b/mercurial/help/config.txt	Fri Aug 16 15:04:14 2013 +0400
@@ -1461,6 +1461,10 @@ 
     Whether to require that inbound pushes be transported over SSL to
     prevent password sniffing. Default is True.
 
+``restrictsearch``
+    Whether to restrict usage of regular expressions and
+    heavyweight revset functions in search. Default is True.
+
 ``staticurl``
     Base URL to use for static files. If unset, static files (e.g. the
     hgicon.png favicon) will be served by the CGI script itself. Use
diff -r 939c1b6f7e44 -r 3d9f8ae79b18 mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py	Sat Jul 20 01:32:38 2013 +0400
+++ b/mercurial/hgweb/webcommands.py	Fri Aug 16 15:04:14 2013 +0400
@@ -179,13 +179,14 @@ 
             # no revset syntax used
             return MODE_KEYWORD, query
 
-        if util.any((token, (value or '')[:3]) == ('string', 're:')
-                    for token, value, pos in revset.tokenize(revdef)):
-            return MODE_KEYWORD, query
+        if web.configbool('web', 'restrictsearch', True):
+            if util.any((token, (value or '')[:3]) == ('string', 're:')
+                        for token, value, pos in revset.tokenize(revdef)):
+                return MODE_KEYWORD, query
 
-        funcsused = revset.funcsused(tree)
-        if not funcsused.issubset(revset.safesymbols):
-            return MODE_KEYWORD, query
+            funcsused = revset.funcsused(tree)
+            if not funcsused.issubset(revset.safesymbols):
+                return MODE_KEYWORD, query
 
         mfunc = revset.match(None, revdef)
         try: