[Updated] D11259: subrepo: compare normalised vfs path

marmoute (Pierre-Yves David) phabricator at mercurial-scm.org
Fri Aug 6 10:29:39 UTC 2021


Closed by commit rHG11c2bd973659: subrepo: compare normalised vfs path (authored by marmoute).
This revision was automatically updated to reflect the committed changes.

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D11259?vs=29819&id=29826

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D11259/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D11259

AFFECTED FILES
  mercurial/subrepo.py

CHANGE DETAILS

diff --git a/mercurial/subrepo.py b/mercurial/subrepo.py
--- a/mercurial/subrepo.py
+++ b/mercurial/subrepo.py
@@ -458,12 +458,14 @@
         create = allowcreate and not r.wvfs.exists(b'%s/.hg' % path)
         # repository constructor does expand variables in path, which is
         # unsafe since subrepo path might come from untrusted source.
-        if os.path.realpath(util.expandpath(root)) != root:
+        norm_root = os.path.normcase(root)
+        real_root = os.path.normcase(os.path.realpath(util.expandpath(root)))
+        if real_root != norm_root:
             raise error.Abort(
                 _(b'subrepo path contains illegal component: %s') % path
             )
         self._repo = hg.repository(r.baseui, root, create=create)
-        if self._repo.root != root:
+        if os.path.normcase(self._repo.root) != os.path.normcase(root):
             raise error.ProgrammingError(
                 b'failed to reject unsafe subrepo '
                 b'path: %s (expanded to %s)' % (root, self._repo.root)



To: marmoute, #hg-reviewers, Alphare
Cc: mercurial-patches
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurial-scm.org/pipermail/mercurial-patches/attachments/20210806/13529d88/attachment-0002.html>


More information about the Mercurial-patches mailing list