[PATCH 04 of 13 RFC] url: abort on file:// URLs with non-localhost hosts

[Brodie Rao]

# HG changeset patch
# User Brodie Rao <brodie at bitheap.org>
# Date 1301540491 25200
# Node ID c5778ef86f14205e12583ac6451a4a8c24c9de24
# Parent  e5b2b7cd3a419e0ea3a5b0b92814885e61fd8724
url: abort on file:// URLs with non-localhost hosts

diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -140,6 +140,11 @@ class url(object):
                 self.host, self.port = self.host.rsplit(':', 1)
                 if not self.host:
                     self.host = None
+
+            if (self.host and self.scheme == 'file' and
+                self.host not in ('localhost', '127.0.0.1', '[::1]')):
+                raise util.Abort(_('file:// URLs can only refer to localhost'))
+
         self.path = path
 
         for a in ('user', 'passwd', 'host', 'port',
diff --git a/tests/test-pull.t b/tests/test-pull.t
--- a/tests/test-pull.t
+++ b/tests/test-pull.t
@@ -78,4 +78,8 @@ regular shell commands.
 
   $ URL=`python -c "import os; print 'file://foobar' + ('/' + os.getcwd().replace(os.sep, '/')).replace('//', '/') + '/../test'"`
   $ hg pull -q "$URL"
+  abort: file:// URLs can only refer to localhost
+  [255]
 
+  $ URL=`python -c "import os; print 'file://localhost' + ('/' + os.getcwd().replace(os.sep, '/')).replace('//', '/') + '/../test'"`
+  $ hg pull -q "$URL"
diff --git a/tests/test-url.py b/tests/test-url.py
--- a/tests/test-url.py
+++ b/tests/test-url.py
@@ -158,6 +158,13 @@ def test_url():
     >>> url('/x///z/y/')
     <url path: '/x///z/y/'>
 
+    Non-localhost file URL:
+
+    >>> u = url('file://mercurial.selenic.com/foo')
+    Traceback (most recent call last):
+      File "<stdin>", line 1, in ?
+    Abort: file:// URLs can only refer to localhost
+
     Empty URL:
 
     >>> u = url('')