hgweb: fix trust of templates path (BC)
Long ago we disabled trust of the templates path with a comment
describing the (insecure) behavior before the change. At some later
refactor, the code was apparently changed back to match the comment,
unaware that the intent of the comment was to describe the behavior to
avoid.
This change disables the trust and updates the comment to explicitly
say not only what the old problem was, but also that it was in fact a
problem and the action taken to prevent it.
Impact: prior to this change, if you had a UNIX-based hgweb server
where users can write hgrc files, those users could potentially read
any file readable by the web server.
This is marked as a backwards compatibility issue because people may
have configured templates without proper trust settings. Issue spotted
by Greg Szorc.
$ . "$TESTDIR/histedit-helpers.sh"
$ cat >> $HGRCPATH <<EOF
> [extensions]
> histedit=
> EOF
$ initrepo ()
> {
> hg init r
> cd r
> for x in a b c d e f ; do
> echo $x > $x
> hg add $x
> hg ci -m $x
> done
> }
$ initrepo
log before edit
$ hg log --graph
@ changeset: 5:652413bf663e
| tag: tip
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: f
|
o changeset: 4:e860deea161a
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: e
|
o changeset: 3:055a42cdd887
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: d
|
o changeset: 2:177f92b77385
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: c
|
o changeset: 1:d2ae7f538514
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: b
|
o changeset: 0:cb9a9f314b8b
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: a
edit the history
$ hg histedit 177f92b77385 --commands - 2>&1 << EOF | fixbundle
> drop 177f92b77385 c
> pick e860deea161a e
> pick 652413bf663e f
> pick 055a42cdd887 d
> EOF
0 files updated, 0 files merged, 4 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
log after edit
$ hg log --graph
@ changeset: 4:f518305ce889
| tag: tip
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: d
|
o changeset: 3:a4f7421b80f7
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: f
|
o changeset: 2:ee283cb5f2d5
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: e
|
o changeset: 1:d2ae7f538514
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: b
|
o changeset: 0:cb9a9f314b8b
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: a
Check histedit_source
$ hg log --debug --rev f518305ce889
changeset: 4:f518305ce889c07cb5bd05522176d75590ef3324
tag: tip
phase: draft
parent: 3:a4f7421b80f79fcc59fff01bcbf4a53d127dd6d3
parent: -1:0000000000000000000000000000000000000000
manifest: 4:d3d4f51c157ff242c32ff745d4799aaa26ccda44
user: test
date: Thu Jan 01 00:00:00 1970 +0000
files+: d
extra: branch=default
extra: histedit_source=055a42cdd88768532f9cf79daa407fc8d138de9b
description:
d
manifest after edit
$ hg manifest
a
b
d
e
f
Drop the last changeset
$ hg histedit ee283cb5f2d5 --commands - 2>&1 << EOF | fixbundle
> pick ee283cb5f2d5 e
> pick a4f7421b80f7 f
> drop f518305ce889 d
> EOF
0 files updated, 0 files merged, 1 files removed, 0 files unresolved
$ hg log --graph
@ changeset: 3:a4f7421b80f7
| tag: tip
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: f
|
o changeset: 2:ee283cb5f2d5
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: e
|
o changeset: 1:d2ae7f538514
| user: test
| date: Thu Jan 01 00:00:00 1970 +0000
| summary: b
|
o changeset: 0:cb9a9f314b8b
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: a
$ cd ..