This is an archive of the discontinued Mercurial Phabricator instance.

Differential D2733

hgweb: always use "?" when writing session vars
ClosedPublic

Authored by indygreg on Mar 8 2018, 8:06 PM.

Download Raw Diff

Details

Reviewers

durin42

Group Reviewers

hg-reviewers

Commits

rHGec46415ed826: hgweb: always use "?" when writing session vars

Summary

This code resolves a string to insert in URLs as part of a
query string. Essentially, it resolves the {sessionvars}
template keyword, which is used by hgweb templates to build
a URL as a string.

The whole approach here feels wrong because there's no way of
knowing when this code runs how the final URL will look. There
could be additional URL fragments added before this template
keyword that add a query string component.

Furthermore, I don't think there's *any* for req.url to have
a query string. That's because the code that populates this
variable only takes SCRIPT_NAME and REPO_NAME into account. The
"?" character it is searching for would only be added if some
code attempted to add QUERY_STRING to the URL. Hacking the code
up to raise if "?" is present in the URL yields a clean test
suite run. I'm not sure if we broke this code or if it has
always been broken.

Anyway, this commit removes support for emitting "&" as the
first character in {sessionvars} and makes it always emit "?",
which is what it was always doing before AFAICT.

Diff Detail

Repository

rHG Mercurial

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

Event Timeline

indygreg created this revision.Mar 8 2018, 8:06 PM

Herald added a reviewer: hg-reviewers. · View Herald TranscriptMar 8 2018, 8:06 PM

Herald added a subscriber: mercurial-devel. · View Herald Transcript

indygreg added a child revision: D2734: hgweb: parse WSGI request into a data structure.Mar 8 2018, 8:06 PM

durin42 accepted this revision.Mar 9 2018, 1:57 PM

This revision is now accepted and ready to land.Mar 9 2018, 1:57 PM

Closed by commit rHGec46415ed826: hgweb: always use "?" when writing session vars (authored by indygreg). · Explain WhyMar 9 2018, 2:29 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

			Path	Packages
M			mercurial/hgweb/hgweb_mod.py (3 lines)
M			mercurial/hgweb/hgwebdir_mod.py (3 lines)

Status	Author	Revision
Closed	indygreg	D2987 stringutil: add function to pretty print an object
Closed	indygreg	D2986 wireproto: add frame flag to denote payloads as CBOR
Closed	indygreg	D2985 wireproto: implement custom __repr__ for frame
Closed	indygreg	D2984 keepalive: implement readinto()
Closed	indygreg	D2983 wireproto: port protocol handler to zope.interface
Closed	indygreg	D2982 wireproto: separate commands tables for version 1 and 2 commands
Closed	indygreg	D2981 wireproto: mark SSHv2 as a version 1 transport
Closed	indygreg	D2979 wireproto: stop aliasing wire protocol types (API)
Closed	indygreg	D2951 wireproto: use CBOR for command requests
Closed	indygreg	D2902 wireproto: define frame to represent progress updates
Closed	indygreg	D2948 wireproto: syntax for encoding CBOR into frames
Closed	indygreg	D2947 wireproto: explicit API to create outgoing streams
Closed	indygreg	D2907 wireproto: add streams to frame-based protocol
Closed	indygreg	D2906 wireproto: start to associate frame generation with a stream
Closed	indygreg	D2950 tests: fix duplicate and failing test
Closed	indygreg	D2978 cbor: import CBORDecoder and CBOREncoder
Closed	indygreg	D2949 setup: install cbor packages
Abandoned	indygreg	D2885 RFC: use Redis to cache file data
Changes Planned	indygreg	D2884 wireproto: experimental command to emit file data
Abandoned	indygreg	D2883 revlogstore: create and implement an interface for repo files storage
Closed	indygreg	D2901 wireproto: explicitly track which requests are active
Closed	indygreg	D2900 wireproto: use named arguments when passing around frame data
Closed	indygreg	D2899 wireproto: define attr-based classes for representing frames
Closed	indygreg	D2872 wireproto: define human output side channel frame
Closed	indygreg	D2871 wireproto: service multiple command requests per HTTP request
Closed	indygreg	D2870 wireproto: support for receiving multiple requests
Closed	indygreg	D2869 wireproto: add request IDs to frames
Closed	indygreg	D2860 wireproto: buffer output frames when in half duplex mode
Closed	indygreg	D2858 wireproto: define and implement responses in framing protocol
Closed	indygreg	D2857 wireproto: implement basic command dispatching for HTTPv2
Closed	indygreg	D2856 wireproto: nominally don't expose "batch" to version 2 wire transports
Closed	indygreg	D2852 wireproto: implement basic frame reading and processing
Closed	indygreg	D2851 wireproto: define and implement protocol for issuing requests
Closed	indygreg	D2868 util: prefer "bytesio" to "stringio"
Closed	indygreg	D2850 wireproto: define content negotiation for HTTPv2
Closed	indygreg	D2849 hgweb: also set Content-Type header
Closed	indygreg	D2837 wireproto: require POST for all HTTPv2 requests
Closed	indygreg	D2836 wireproto: define permissions-based routing of HTTPv2 wire protocol
Closed	indygreg	D2834 wireproto: support /api/* URL space for exposing APIs
Closed	indygreg	D2843 url: support suppressing Accept header
Closed	indygreg	D2842 util: don't log low-level I/O calls for HTTP peer
Closed	indygreg	D2841 debugcommands: support sending HTTP requests with debugwireproto
Closed	indygreg	D2726 debugcommands: support connecting to HTTP peers
Closed	indygreg	D2722 url: add HTTP handler that uses a proxied socket
Closed	indygreg	D2721 util: observable proxy objects for sockets
Closed	indygreg	D2840 hgweb: allow defining Server response header for HTTP server
Closed	indygreg	D2839 tests: use $HTTP_DATE$ for Date header
Closed	indygreg	D2720 debugcommands: introduce actions to perform deterministic reads
Closed	indygreg	D2725 httppeer: refactor how httppeer is created (API)
Closed	indygreg	D2724 httppeer: alias url as urlmod
Closed	indygreg	D2723 httppeer: consolidate _requestbuilder assignments and document
Closed	indygreg	D2832 hgweb: remove wsgirequest (API)
Closed	indygreg	D2831 hgweb: store the raw WSGI environment dict
Closed	indygreg	D2830 hgweb: remove dead wsgirequest code
Closed	indygreg	D2829 hgweb: port to new response API
Closed	indygreg	D2828 hgweb: pass modern request type into templater()
Closed	indygreg	D2827 hgweb: use modern response type for index generation
Closed	indygreg	D2826 hgweb: don't pass wsgireq to makeindex and other functions
Closed	indygreg	D2825 hgweb: replace PATH_INFO with dispatchpath
Closed	indygreg	D2824 hgweb: rewrite path generation for index entries
Closed	indygreg	D2823 hgweb: construct {url} with req.apppath
Closed	indygreg	D2822 hgweb: support constructing URLs from an alternate base URL
Closed	indygreg	D2821 hgweb: clarify that apppath begins with a forward slash
Closed	indygreg	D2820 hgweb: change how dispatch path is reported
Closed	indygreg	D2819 hgweb: refactor repository name URL parsing
Closed	indygreg	D2818 tests: add test coverage for parsing WSGI requests
Closed	indygreg	D2817 hgweb: construct static URL like hgweb does
Closed	indygreg	D2816 hgweb: remove unused **map argument
Closed	indygreg	D2815 hgweb: extract entries() to standalone function
Closed	indygreg	D2814 hgweb: move rawentries() to a standalone function
Closed	indygreg	D2813 hgweb: move archivelist to standalone function
Closed	indygreg	D2812 hgweb: move readallowed to a standalone function
Closed	indygreg	D2805 hgweb: remove some use of wsgireq in hgwebdir
Closed	indygreg	D2804 hgweb: fix a bug due to variable name typo
Closed	indygreg	D2803 hgweb: stop passing req and tmpl into @webcommand functions (API)
Closed	indygreg	D2802 hgweb: pass modern request type into various webutil functions (API)
Closed	indygreg	D2801 hgweb: don't redundantly pass templater with requestcontext (API)
Closed	indygreg	D2800 hgweb: use templater on requestcontext instance
Closed	indygreg	D2799 hgweb: add a sendtemplate() helper function
Closed	indygreg	D2798 hgweb: use web.req instead of req.req
Closed	indygreg	D2797 hgweb: stop setting headers on wsgirequest
Closed	indygreg	D2796 hgweb: always return iterable from @webcommand functions (API)
Closed	indygreg	D2795 hgweb: send errors using new response API
Closed	indygreg	D2794 hgweb: refactor 304 handling code
Closed	indygreg	D2793 hgweb: transition permissions hooks to modern request type (API)
Closed	indygreg	D2792 hgweb: port archive command to modern response API
Closed	indygreg	D2791 hgweb: refactor fake file object proxy for archiving
Closed	indygreg	D2790 tests: additional test coverage of archive web command
Closed	indygreg	D2789 hgweb: port static file handling to new response API
Closed	indygreg	D2788 hgweb: remove one-off routing for file?style=raw
Closed	indygreg	D2787 hgweb: port most @webcommand to use modern response type
Closed	indygreg	D2786 hgweb: support using new response object for web commands
Closed	indygreg	D2785 hgweb: inline caching() and port to modern mechanisms
Closed	indygreg	D2784 hgweb: expose repo name on parsedrequest
Closed	indygreg	D2783 hgweb: expose URL scheme and REMOTE_* attributes
Closed	indygreg	D2782 hgweb: remove wsgirequest.form (API)
Closed	indygreg	D2781 hgweb: perform all parameter lookup via qsparams
Closed	indygreg	D2780 hgweb: set variables in qsparams
Closed	indygreg	D2779 hgweb: use our new request object for "style" parameter
Closed	indygreg	D2776 hgweb: use a multidict for holding query string parameters
Closed	indygreg	D2775 hgweb: create dedicated type for WSGI responses
Closed	indygreg	D2778 tests: add test for a wire protocol request to wrong base URL
Closed	indygreg	D2773 hgweb: remove support for short query string based aliases (BC)
Closed	indygreg	D2774 hgweb: remove support for POST form data (BC)
Closed	indygreg	D2771 hgweb: expose input stream on parsed WSGI request object
Closed	indygreg	D2770 hgweb: make parsedrequest part of wsgirequest
Closed	indygreg	D2769 hgweb: refactor the request draining code
Closed	indygreg	D2768 hgweb: use a capped reader for WSGI input stream
Closed	indygreg	D2767 hgweb: document continuereader
Closed	indygreg	D2749 hgweb: remove wsgirequest.__iter__
Closed	indygreg	D2748 hgweb: remove wsgirequest.read()
Closed	indygreg	D2747 hgweb: remove unused methods on wsgirequest
Closed	indygreg	D2746 wireprotoserver: remove unused argument from _handlehttperror()
Closed	indygreg	D2745 hgweb: store and use request method on parsed request
Closed	indygreg	D2744 hgweb: handle CONTENT_LENGTH
Closed	indygreg	D2743 wireprotoserver: access headers through parsed request
Closed	indygreg	D2742 hgweb: parse and store HTTP request headers
Closed	indygreg	D2741 wireprotoserver: remove broken optimization for non-httplib client
Closed	indygreg	D2740 wireprotoserver: move all wire protocol handling logic out of hgweb
Closed	indygreg	D2739 hgweb: use parsed request to construct query parameters
Closed	indygreg	D2738 hgweb: only recognize wire protocol commands from query string (BC)
Closed	indygreg	D2737 hgweb: teach WSGI parser about query strings
Closed	indygreg	D2736 hgweb: use the parsed application path directly
Closed	indygreg	D2735 hgweb: use computed base URL from parsed request
Closed	indygreg	D2734 hgweb: parse WSGI request into a data structure
Closed	indygreg	D2733 hgweb: always use "?" when writing session vars
Closed	indygreg	D2732 hgweb: rename req to wsgireq
Closed	indygreg	D2731 hgweb: validate WSGI environment dict
Closed	indygreg	D2730 hgweb: ensure all wsgi environment values are str

Diff 6777

mercurial/hgweb/hgweb_mod.py

	# figure out which style to use			# figure out which style to use

	vars = {}			vars = {}
	styles, (style, mapfile) = getstyle(wsgireq, self.config,			styles, (style, mapfile) = getstyle(wsgireq, self.config,
	self.templatepath)			self.templatepath)
	if style == styles[0]:			if style == styles[0]:
	vars['style'] = style			vars['style'] = style

	start = '&' if wsgireq.url[-1] == r'?' else '?'			sessionvars = webutil.sessionvars(vars, '?')
	sessionvars = webutil.sessionvars(vars, start)

	if not self.reponame:			if not self.reponame:
	self.reponame = (self.config('web', 'name', '')			self.reponame = (self.config('web', 'name', '')
	or wsgireq.env.get('REPO_NAME')			or wsgireq.env.get('REPO_NAME')
	or wsgireq.url.strip(r'/') or self.repo.root)			or wsgireq.url.strip(r'/') or self.repo.root)

	def websubfilter(text):			def websubfilter(text):
	return templatefilters.websub(text, self.websubtable)			return templatefilters.websub(text, self.websubtable)

mercurial/hgweb/hgwebdir_mod.py

	url += '/'			url += '/'

	vars = {}			vars = {}
	styles, (style, mapfile) = hgweb_mod.getstyle(wsgireq, config,			styles, (style, mapfile) = hgweb_mod.getstyle(wsgireq, config,
	self.templatepath)			self.templatepath)
	if style == styles[0]:			if style == styles[0]:
	vars['style'] = style			vars['style'] = style

	start = r'&' if url[-1] == r'?' else r'?'			sessionvars = webutil.sessionvars(vars, r'?')
	sessionvars = webutil.sessionvars(vars, start)
	logourl = config('web', 'logourl')			logourl = config('web', 'logourl')
	logoimg = config('web', 'logoimg')			logoimg = config('web', 'logoimg')
	staticurl = config('web', 'staticurl') or url + 'static/'			staticurl = config('web', 'staticurl') or url + 'static/'
	if not staticurl.endswith('/'):			if not staticurl.endswith('/'):
	staticurl += '/'			staticurl += '/'

	defaults = {			defaults = {
	"encoding": encoding.encoding,			"encoding": encoding.encoding,

Diff	ID	Description	Created	Lint	Unit
Base		Base
Diff 1	6739		Mar 8 2018, 8:06 PM	★	★
Diff 2	6777	rHGec46415ed826ba23872d2dae8f1710cf1d30ea35	Mar 8 2018, 6:14 PM	★	★