[Commented On] D11259: subrepo: compare normalised vfs path

baymax (Baymax, Your Personal Patch-care Companion) phabricator at mercurial-scm.org
Thu Aug 5 18:02:16 UTC 2021


baymax added a comment.
baymax updated this revision to Diff 29819.


  ✅ refresh by Heptapod after a successful CI run (🐙 💚)
  ⚠ This patch is intended for stable ⚠
  <img src="https://phab.mercurial-scm.org/file/data/bth6ydklc4kd4gmh7a6h/PHID-FILE-uktushir6fpusqhvokji/source.gif" />

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D11259?vs=29812&id=29819

BRANCH
  stable

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D11259/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D11259

AFFECTED FILES
  mercurial/subrepo.py

CHANGE DETAILS

diff --git a/mercurial/subrepo.py b/mercurial/subrepo.py
--- a/mercurial/subrepo.py
+++ b/mercurial/subrepo.py
@@ -458,12 +458,14 @@
         create = allowcreate and not r.wvfs.exists(b'%s/.hg' % path)
         # repository constructor does expand variables in path, which is
         # unsafe since subrepo path might come from untrusted source.
-        if os.path.realpath(util.expandpath(root)) != root:
+        norm_root = os.path.normcase(root)
+        real_root = os.path.normcase(os.path.realpath(util.expandpath(root)))
+        if real_root != norm_root:
             raise error.Abort(
                 _(b'subrepo path contains illegal component: %s') % path
             )
         self._repo = hg.repository(r.baseui, root, create=create)
-        if self._repo.root != root:
+        if os.path.normcase(self._repo.root) != os.path.normcase(root):
             raise error.ProgrammingError(
                 b'failed to reject unsafe subrepo '
                 b'path: %s (expanded to %s)' % (root, self._repo.root)



To: marmoute, #hg-reviewers
Cc: mercurial-patches
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurial-scm.org/pipermail/mercurial-patches/attachments/20210805/c7e3b8ec/attachment-0002.html>


More information about the Mercurial-patches mailing list