server: ensure the incoming request falls under the prefix value
Prior to this, the first test asserted in wsgiref.validate.check_environ()
saying PATH didn't start with '/', but the second test served up the repo. The
assertion was just added in this cycle (though the value of PATH is still wrong
without the assertion). Allowing access to the repo at any URL outside of the
prefix is a long standing bug. This also affected hgwebdir, at least when used
via --subrepo.
Paths are not being canonicalized, so accesses to things like 'foo/../bar' will
get tossed out here, unless the prefix also matches.
syntax: glob
*.elc
*.tmp
*.orig
*.rej
*~
*.mergebackup
*.o
*.so
*.dll
*.exe
*.pyd
*.pyc
*.pyo
*$py.class
*.swp
*.prof
*.zip
\#*\#
.\#*
tests/.coverage*
tests/.testtimes*
tests/.hypothesis
tests/hypothesis-generated
tests/annotated
tests/exceptions
tests/*.err
tests/htmlcov
build
contrib/chg/chg
contrib/hgsh/hgsh
contrib/vagrant/.vagrant
contrib/docker/debian-*
contrib/docker/ubuntu-*
dist
packages
doc/common.txt
doc/*.[0-9]
doc/*.[0-9].txt
doc/*.[0-9].gendoc.txt
doc/*.[0-9].{x,ht}ml
MANIFEST
MANIFEST.in
patches
mercurial/__modulepolicy__.py
mercurial/__version__.py
mercurial/hgpythonlib.h
mercurial.egg-info
.DS_Store
tags
cscope.*
.idea/*
.asv/*
i18n/hg.pot
locale/*/LC_MESSAGES/hg.mo
hgext/__index__.py
rust/target/
# Generated wheels
wheelhouse/
syntax: regexp
^\.pc/
^\.(pydev)?project
# hackable windows distribution additions
^hg-python
^hg.py$