grim/hgkeeper

a9755831b8bd
Parents 7dc04c05874e
Children b7bd8f17113a
Do not execute server hooks without write permission

If an authenticated user pushed to a repository with server
hooks, it was possible to execute those hooks even if the user
has no write permission.

So let's re-order the hooks to execute the deny hook first.

Reviewed at https://reviews.imfreedom.org/r/2400/
  • +6 -4
    hg/hg.go
  • --- a/hg/hg.go Wed Mar 15 03:25:21 2023 -0500
    +++ b/hg/hg.go Thu Mar 30 19:49:40 2023 -0500
    @@ -45,15 +45,17 @@
    c.tmpHgrc = hgrc
    + rcs := []string{}
    +
    + // add the hgrc that controls writability
    + rcs = append(rcs, c.tmpHgrc)
    +
    // site.hgrc is deprecated, but we still support it for now
    - rcs := []string{filepath.Join(access.AdminRepoPath(), "site.hgrc")}
    + rcs = append(rcs, filepath.Join(access.AdminRepoPath(), "site.hgrc"))
    // add the repo specific hgrc's
    rcs = append(rcs, findHgrcsForRepo(repoName)...)
    - // add the hgrc that controls writability
    - rcs = append(rcs, c.tmpHgrc)
    -
    c.cmd.Env = append(
    os.Environ(),
    "HGRCPATH="+strings.Join(rcs, string(filepath.ListSeparator)),