[Updated] D11259: subrepo: compare normalised vfs path
marmoute (Pierre-Yves David)
phabricator at mercurial-scm.org
Fri Aug 6 10:29:39 UTC 2021
Closed by commit rHG11c2bd973659: subrepo: compare normalised vfs path (authored by marmoute).
This revision was automatically updated to reflect the committed changes.
REPOSITORY
rHG Mercurial
CHANGES SINCE LAST UPDATE
https://phab.mercurial-scm.org/D11259?vs=29819&id=29826
CHANGES SINCE LAST ACTION
https://phab.mercurial-scm.org/D11259/new/
REVISION DETAIL
https://phab.mercurial-scm.org/D11259
AFFECTED FILES
mercurial/subrepo.py
CHANGE DETAILS
diff --git a/mercurial/subrepo.py b/mercurial/subrepo.py
--- a/mercurial/subrepo.py
+++ b/mercurial/subrepo.py
@@ -458,12 +458,14 @@
create = allowcreate and not r.wvfs.exists(b'%s/.hg' % path)
# repository constructor does expand variables in path, which is
# unsafe since subrepo path might come from untrusted source.
- if os.path.realpath(util.expandpath(root)) != root:
+ norm_root = os.path.normcase(root)
+ real_root = os.path.normcase(os.path.realpath(util.expandpath(root)))
+ if real_root != norm_root:
raise error.Abort(
_(b'subrepo path contains illegal component: %s') % path
)
self._repo = hg.repository(r.baseui, root, create=create)
- if self._repo.root != root:
+ if os.path.normcase(self._repo.root) != os.path.normcase(root):
raise error.ProgrammingError(
b'failed to reject unsafe subrepo '
b'path: %s (expanded to %s)' % (root, self._repo.root)
To: marmoute, #hg-reviewers, Alphare
Cc: mercurial-patches
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurial-scm.org/pipermail/mercurial-patches/attachments/20210806/13529d88/attachment-0002.html>
More information about the Mercurial-patches
mailing list