mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-26 23:40:57 +01:00
Provide an explicit "-R" flag to "hg serve"
Summary: See <https://discourse.phabricator-community.org/t/unable-to-use-current-mercurial-on-debian-stretch/391>. The Mercurial commit is helpful in particular: <https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499> We weren't vulnerable to the security issue (users can not control any part of the command) but pass the working directory explicitly to get past the new safety check. I left `setCWD()` in place (a few lines below) just because it can't hurt, and in some other contexts it sometimes matter (for example, if commit hooks execute, they might inherit the parent CWD here or in other VCSes). Test Plan: - Cloned from a Mercurial repo locally over HTTP. - Verified that SSH cloning already uses `-R` (it does, see `DiffusionMercurialServeSSHWorkflow`). - Did not actually upgrade to Mercurial 4.0/4.1.3 to completely verify this, but a user in the Discourse thread asserted that a substantially similar fix worked correctly. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D18611
This commit is contained in:
parent
5ae3af6691
commit
bd923d1ce0
1 changed files with 4 additions and 1 deletions
|
@ -768,7 +768,10 @@ final class DiffusionServeController extends DiffusionController {
|
|||
$input = strlen($input)."\n".$input."0\n";
|
||||
}
|
||||
|
||||
$command = csprintf('%s serve --stdio', $bin);
|
||||
$command = csprintf(
|
||||
'%s serve -R %s --stdio',
|
||||
$bin,
|
||||
$repository->getLocalPath());
|
||||
$command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
|
||||
|
||||
list($err, $stdout, $stderr) = id(new ExecFuture('%C', $command))
|
||||
|
|
Loading…
Reference in a new issue