[PATCH STABLE] clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler
durin42 at gmail.com
Tue Nov 22 18:07:12 UTC 2011
# HG changeset patch
# User Augie Fackler <durin42 at gmail.com>
# Date 1321985202 21600
# Branch stable
# Node ID 77b078d5b3081c148949799d4ee21376206a1723
# Parent f76584098c88fadcb74a8aa5c9c7efb2fb25b682
clone: don't save user's password in .hg/hgrc (Issue3122)
diff --git a/mercurial/hg.py b/mercurial/hg.py
--- a/mercurial/hg.py
+++ b/mercurial/hg.py
@@ -356,10 +356,13 @@
if destrepo.local():
fp = destrepo.opener("hgrc", "w", text=True)
fp.write("[paths]\n")
- fp.write("default = %s\n" % abspath)
+ u = util.url(abspath)
+ u.passwd = None
+ defaulturl = str(u)
+ fp.write("default = %s\n" % defaulturl)
fp.close()
- destrepo.ui.setconfig('paths', 'default', abspath)
+ destrepo.ui.setconfig('paths', 'default', defaulturl)
if update:
if update is not True:
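Review bot: Every clone destination now gets its `paths.default` rebuilt through `str(util.url(abspath))`, not only sources that carried a password, so a local path or an unusual URL may be written back in a different form than the user typed if the parse/serialize round trip is not exact (this cannot be confirmed from the hunk alone). Restricting the rewrite would keep the old value in all other cases: start with `defaulturl = abspath` and assign `defaulturl = str(u)` only inside `if u.passwd is not None:`. A short comment such as `# never persist the clone URL's password in hgrc (issue3122)` above `u.passwd = None` would record why the URL is rewritten. The enclosing function begins and ends outside the hunk.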
diff --git a/tests/test-pull-http.t b/tests/test-pull-http.t
--- a/tests/test-pull-http.t
+++ b/tests/test-pull-http.t
@@ -12,13 +12,30 @@
$ echo a >> a
$ hg ci -mb
+Cloning with a password in the URL should not save the password in .hg/hgrc:
+
+ $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
+ $ cat hg.pid >> $DAEMON_PIDS
+ $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3
+ requesting all changes
+ adding changesets
+ adding manifests
+ adding file changes
+ added 2 changesets with 2 changes to 1 files
+ updating to branch default
+ 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
+ $ cat test3/.hg/hgrc
+ [paths]
+ default = http://foo@localhost:$HGPORT/
+ $ "$TESTDIR/killdaemons.py"
+
expect error, cloning not allowed
$ echo '[web]' > .hg/hgrc
$ echo 'allowpull = false' >> .hg/hgrc
$ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
$ cat hg.pid >> $DAEMON_PIDS
- $ hg clone http://localhost:$HGPORT/ test3
+ $ hg clone http://localhost:$HGPORT/ test4
requesting all changes
abort: authorization failed
[255]
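Review bot: The added case pins only an HTTP clone whose URL has both a user and a password; nothing checks that a source without credentials is written to `.hg/hgrc` unchanged. Because the code change rewrites `paths.default` for every clone, a companion case that clones from a credential-free URL or a local path and runs `cat` on the resulting hgrc would catch an unintended rewrite of the stored path. The expected line `default = http://foo@localhost:$HGPORT/` also fixes the behaviour that the user name is kept, which is worth stating in the test's introductory sentence.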