Mercurial > hgsubversion

changeset 1351:9d58ca6253a3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added check for excessive .. entries which would go out of domain. This addresses possible problems with too many .. entries i.e. if the repo root is http://www.xample.org/repo/proj1 then ^/../proj2 is fine as is ^/../../repo2/p1 but ^/../../../www./Local is not as it doesn't make sense to have relative references that go to a different site.
author Steve Barnes (Home) <gadgetsteve@hotmail.com>
date Thu, 01 Jan 2015 16:40:41 +0000
parents 554eaa682561
children 30193fdd5da4
files hgsubversion/svnexternals.py
diffstat 1 files changed, 8 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/hgsubversion/svnexternals.py
+++ b/hgsubversion/svnexternals.py
@@ -121,14 +121,20 @@ class RelativeSourceError(Exception):
     pass
 
 def resolvedots(url):
-    """ Fix references that include .. entries."""
+    """
+    Fix references that include .. entries.
+    Scans a URL for .. type entries and resolves them but will not allow any
+    number of ..s to take us out of domain so http://.. will raise an exception.
+    """
     orig = url.split('/')
     fixed = []
     for item in orig:
         if item != '..':
             fixed.append(item)
-        else:
+        elif len(fixed) > 2:  # Don't allow things to go out of domain
             fixed.pop()
+        else:
+            raise RelativeSourceError()
     return '/'.join(fixed)
 
 def resolvesource(ui, svnroot, source):