server: ensure the incoming request falls under the prefix value
Prior to this, the first test asserted in wsgiref.validate.check_environ()
saying PATH didn't start with '/', but the second test served up the repo. The
assertion was just added in this cycle (though the value of PATH is still wrong
without the assertion). Allowing access to the repo at any URL outside of the
prefix is a long standing bug. This also affected hgwebdir, at least when used
via --subrepo.
Paths are not being canonicalized, so accesses to things like 'foo/../bar' will
get tossed out here, unless the prefix also matches.
#!/usr/bin/env python
# Filter output by pyflakes to control which warnings we check
from __future__ import absolute_import, print_function
import re
import sys
lines = []
for line in sys.stdin:
# We blacklist tests that are too noisy for us
pats = [
r"undefined name 'WindowsError'",
r"redefinition of unused '[^']+' from line",
# for cffi, allow re-exports from pure.*
r"cffi/[^:]*:.*\bimport \*' used",
r"cffi/[^:]*:.*\*' imported but unused",
]
keep = True
for pat in pats:
if re.search(pat, line):
keep = False
break # pattern matches
if keep:
fn = line.split(':', 1)[0]
f = open(fn)
data = f.read()
f.close()
if 'no-' 'check-code' in data:
continue
lines.append(line)
for line in lines:
sys.stdout.write(line)
print()