server: ensure the incoming request falls under the prefix value
Prior to this, the first test asserted in wsgiref.validate.check_environ()
saying PATH didn't start with '/', but the second test served up the repo. The
assertion was just added in this cycle (though the value of PATH is still wrong
without the assertion). Allowing access to the repo at any URL outside of the
prefix is a long standing bug. This also affected hgwebdir, at least when used
via --subrepo.
Paths are not being canonicalized, so accesses to things like 'foo/../bar' will
get tossed out here, unless the prefix also matches.
$ hg init a
$ cd a
$ echo a > a
$ hg ci -Am0
adding a
$ echo b > b
$ hg ci -Am1
adding b
$ hg tag -r0 default
warning: tag default conflicts with existing branch name
$ hg log
changeset: 2:30a83d1e4a1e
tag: tip
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: Added tag default for changeset f7b1eb17ad24
changeset: 1:925d80f479bb
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: 1
changeset: 0:f7b1eb17ad24
tag: default
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: 0
$ hg update 'tag(default)'
0 files updated, 0 files merged, 2 files removed, 0 files unresolved
$ hg parents
changeset: 0:f7b1eb17ad24
tag: default
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: 0
$ hg update 'branch(default)'
2 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ hg parents
changeset: 2:30a83d1e4a1e
tag: tip
user: test
date: Thu Jan 01 00:00:00 1970 +0000
summary: Added tag default for changeset f7b1eb17ad24
$ cd ..