mercurial-server: comparison src/hg-ssh

equal deleted inserted replaced

-:72100d3ed1bd
+:69596fffcf7d
 def fail(message):
 sys.stderr.write("mercurial-server: %s\n" % message)
 sys.exit(-1)
-def checkpath(path):
+def checkDots(path):
+head, tail = os.path.split(path)
+if tail.startswith("."):
+fail("paths cannot contain dot file components")
+if head:
+checkDots(head)
+def checkParents(path):
 path = os.path.dirname(path)
 if path == "":
 return
 if os.path.exists(path + "/.hg"):
 fail("Cannot create repo under existing repo")
-checkpath(path)
+checkParents(path)
 def getrepo(op, repo):
-repo = os.path.normcase(os.path.normpath(repo.rstrip("/")))
+# First canonicalise, then check the string, then the rules
+# and finally the filesystem.
+repo = repo.rstrip("/")
 if len(repo) == 0:
 fail("path to repository seems to be empty")
 if repo.startswith("/"):
 fail("absolute paths are not supported")
-for component in repo.split("/"):
+checkDots(path)
-if component.startswith("."):
-fail("paths cannot contain dot file components")
 ruleset.rules.set(repo=repo)
 if not ruleset.rules.allow(op, branch=None, file=None):
 fail("access denied")
-checkpath(repo)
+checkParents(repo)
 return repo
-#logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w")
-#logfile.write("Started: %s\n" % sys.argv)
 paths.setExePath()
 if len(sys.argv) == 3 and sys.argv[1] == "--base64":
 ruleset.rules.set(user = base64.b64decode(sys.argv[2]))