On Thu, Jun 29, 2017 at 7:07 PM, Warren Young <war...@etr-usa.com> wrote:
> A URL of the form /file/NAME?ci=ckout should work the same under Fossil UI > as /doc/ckout/NAME. > > I ask because I was working with a /file URL, then wanted to see the > checkout version of the file instead of the repo version. I spent quite a > while fighting with it before I gave up and rewrote it as an embedded doc > URL. > > This request is thus about orthogonality rather than about which URL type > is better. The ckout concept should work everywhere it makes sense. i like it, but it sounds like there's a _potential_ data leak case there which would need to be accounted for: /file//etc/hosts?ci=ckout or: /file/.fslckout?ci=ckout A blanket rejection of serving files outside the checkout (or fossil-internal files like .fslckout) is ostensibly fine... until someone wants to symlink to stuff outside of their checkout, which they're presumably expect to work. -- ----- stephan beal http://wanderinghorse.net/home/stephan/ "Freedom is sloppy. But since tyranny's the only guaranteed byproduct of those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users