problem with the manifest view....
Jim Meyering
jim at meyering.net
Thu Mar 9 11:32:39 UTC 2006
"Lee Cantey" <lcantey at gmail.com> wrote:
> diff -r 986e9b109113 mercurial/hgweb.py
> --- a/mercurial/hgweb.py 03/06/06 23:16:42 +0100
> +++ b/mercurial/hgweb.py 03/08/06 11:01:38 -0800
> @@ -851,7 +851,7 @@ class hgweb(object):
>
> def run(self, req=hgrequest()):
> def clean(path):
> - p = os.path.normpath(path)
> + p = util.normpath(path)
> if p[:2] == "..":
> raise "suspicious path"
> return p
I know it's unrelated to the normpath issue, but looking at the code
above, I had to wonder...
Do you want to raise an exception even for a file named "..whatever"?
Is there something inherently suspicious about a ".." prefix (as opposed
to a ".." component)?
More information about the Mercurial
mailing list