From bd923d1ce0914f587a8ef5ad1a4f171b52cc4925 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Fri, 15 Sep 2017 05:46:41 -0700
Subject: [PATCH] Provide an explicit "-R" flag to "hg serve"

Summary: See . The Mercurial commit is helpful in particular: We weren't vulnerable to the security issue (users can not control any part of the command) but pass the working directory explicitly to get past the new safety check. I left `setCWD()` in place (a few lines below) just because it can't hurt, and in some other contexts it sometimes matter (for example, if commit hooks execute, they might inherit the parent CWD here or in other VCSes).
Test Plan:
- Cloned from a Mercurial repo locally over HTTP.
- Verified that SSH cloning already uses `-R` (it does, see `DiffusionMercurialServeSSHWorkflow`).
- Did not actually upgrade to Mercurial 4.0/4.1.3 to completely verify this, but a user in the Discourse thread asserted that a substantially similar fix worked correctly.
Reviewers: amckinley
Reviewed By: amckinley
Differential Revision: https://secure.phabricator.com/D18611
---
 .../diffusion/controller/DiffusionServeController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/applications/diffusion/controller/DiffusionServeController.php b/src/applications/diffusion/controller/DiffusionServeController.php
index 5e61ae3a7c..98942cf2e7 100644
--- a/src/applications/diffusion/controller/DiffusionServeController.php
+++ b/src/applications/diffusion/controller/DiffusionServeController.php
@@ -768,7 +768,10 @@ final class DiffusionServeController extends DiffusionController {
       $input = strlen($input)."\n".$input."0\n";
     }
 
-    $command = csprintf('%s serve --stdio', $bin);
+    $command = csprintf(
+      '%s serve -R %s --stdio',
+      $bin,
+      $repository->getLocalPath());
     $command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
 
     list($err, $stdout, $stderr) = id(new ExecFuture('%C', $command))
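Review bot: The new `-R` argument carries no explanation in the code, and with `setCWD()` still applied a few lines below a reader will take one of the two as redundant, so the rationale from the commit message belongs next to the csprintf() call: `// Name the repository explicitly with -R: newer Mercurial refuses "serve --stdio" without it, and the CWD set below is not enough on its own.` Because `%s` in csprintf() shell-escapes its argument, the path returned by `$repository->getLocalPath()` is quoted safely even if it contains spaces or shell metacharacters; saying so in the same comment guards against a later edit switching that placeholder to `%C`. The summary notes that `DiffusionMercurialServeSSHWorkflow` builds the equivalent `serve -R <path> --stdio` command on its own, so a small shared helper returning that argument list for both the HTTP and SSH entry points would keep the two from drifting the next time Mercurial tightens its argument check. The enclosing method continues past the hunk (the ExecFuture chain after `id(new ExecFuture(...))` is cut off).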