456 r = ctx.repo() |
456 r = ctx.repo() |
457 root = r.wjoin(util.localpath(path)) |
457 root = r.wjoin(util.localpath(path)) |
458 create = allowcreate and not r.wvfs.exists(b'%s/.hg' % path) |
458 create = allowcreate and not r.wvfs.exists(b'%s/.hg' % path) |
459 # repository constructor does expand variables in path, which is |
459 # repository constructor does expand variables in path, which is |
460 # unsafe since subrepo path might come from untrusted source. |
460 # unsafe since subrepo path might come from untrusted source. |
461 if os.path.realpath(util.expandpath(root)) != root: |
461 norm_root = os.path.normcase(root) |
|
462 real_root = os.path.normcase(os.path.realpath(util.expandpath(root))) |
|
463 if real_root != norm_root: |
462 raise error.Abort( |
464 raise error.Abort( |
463 _(b'subrepo path contains illegal component: %s') % path |
465 _(b'subrepo path contains illegal component: %s') % path |
464 ) |
466 ) |
465 self._repo = hg.repository(r.baseui, root, create=create) |
467 self._repo = hg.repository(r.baseui, root, create=create) |
466 if self._repo.root != root: |
468 if os.path.normcase(self._repo.root) != os.path.normcase(root): |
467 raise error.ProgrammingError( |
469 raise error.ProgrammingError( |
468 b'failed to reject unsafe subrepo ' |
470 b'failed to reject unsafe subrepo ' |
469 b'path: %s (expanded to %s)' % (root, self._repo.root) |
471 b'path: %s (expanded to %s)' % (root, self._repo.root) |
470 ) |
472 ) |
471 |
473 |