subject:"D2768\: hgweb\: use a capped reader for WSGI input stream"

D2768: hgweb: use a capped reader for WSGI input stream

2018-03-12 Thread indygreg (Gregory Szorc)

This revision was automatically updated to reflect the committed changes.
Closed by commit rHG290fc4c3d1e0: hgweb: use a capped reader for WSGI input 
stream (authored by indygreg, committed by ).

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D2768?vs=6830=6905

REVISION DETAIL
  https://phab.mercurial-scm.org/D2768

AFFECTED FILES
  mercurial/hgweb/request.py

CHANGE DETAILS

diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py
--- a/mercurial/hgweb/request.py
+++ b/mercurial/hgweb/request.py
@@ -234,6 +234,14 @@
 raise RuntimeError("Unknown and unsupported WSGI version %d.%d"
% version)
 self.inp = wsgienv[r'wsgi.input']
+
+if r'HTTP_CONTENT_LENGTH' in wsgienv:
+self.inp = util.cappedreader(self.inp,
+ int(wsgienv[r'HTTP_CONTENT_LENGTH']))
+elif r'CONTENT_LENGTH' in wsgienv:
+self.inp = util.cappedreader(self.inp,
+ int(wsgienv[r'CONTENT_LENGTH']))
+
 self.err = wsgienv[r'wsgi.errors']
 self.threaded = wsgienv[r'wsgi.multithread']
 self.multiprocess = wsgienv[r'wsgi.multiprocess']



To: indygreg, #hg-reviewers, durin42
Cc: mercurial-devel
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

D2768: hgweb: use a capped reader for WSGI input stream

2018-03-10 Thread indygreg (Gregory Szorc)

indygreg updated this revision to Diff 6830.
indygreg edited the summary of this revision.

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D2768?vs=6812=6830

REVISION DETAIL
  https://phab.mercurial-scm.org/D2768

AFFECTED FILES
  mercurial/hgweb/request.py

CHANGE DETAILS

diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py
--- a/mercurial/hgweb/request.py
+++ b/mercurial/hgweb/request.py
@@ -234,6 +234,14 @@
 raise RuntimeError("Unknown and unsupported WSGI version %d.%d"
% version)
 self.inp = wsgienv[r'wsgi.input']
+
+if r'HTTP_CONTENT_LENGTH' in wsgienv:
+self.inp = util.cappedreader(self.inp,
+ int(wsgienv[r'HTTP_CONTENT_LENGTH']))
+elif r'CONTENT_LENGTH' in wsgienv:
+self.inp = util.cappedreader(self.inp,
+ int(wsgienv[r'CONTENT_LENGTH']))
+
 self.err = wsgienv[r'wsgi.errors']
 self.threaded = wsgienv[r'wsgi.multithread']
 self.multiprocess = wsgienv[r'wsgi.multiprocess']



To: indygreg, #hg-reviewers
Cc: mercurial-devel
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

D2768: hgweb: use a capped reader for WSGI input stream

2018-03-09 Thread indygreg (Gregory Szorc)

indygreg created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  Per PEP-, the input stream from WSGI should respect EOF and
  prevent reads past the end of the request body. However, not all
  WSGI servers guarantee this. Notably, our BaseHTTPServer based
  built-in HTTP server doesn't. Instead, it exposes the raw socket
  and you can read() from it all you want, getting the connection in
  a bad state by doing so.
  
  We have a "cappedreader" utility class that proxies a file object
  and prevents reading past a limit.
  
  This commit converts the WSGI input stream into a capped reader when
  the input length is advertised via Content-Length headers.
  
  "cappedreader" only exposes a read() method. PEP- states that
  the input stream MUST also support readline(), readlines(hint), and
  __iter__(). However, since our code only calls read and we're not
  implementing a spec conforming WSGI server (just a WSGI application
  at this point), we don't need to support these additional methods.
  So the limited functionality of "cappedreader" is sufficient for our
  WSGI application.

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D2768

AFFECTED FILES
  mercurial/hgweb/request.py

CHANGE DETAILS

diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py
--- a/mercurial/hgweb/request.py
+++ b/mercurial/hgweb/request.py
@@ -234,6 +234,14 @@
 raise RuntimeError("Unknown and unsupported WSGI version %d.%d"
% version)
 self.inp = wsgienv[r'wsgi.input']
+
+if r'HTTP_CONTENT_LENGTH' in wsgienv:
+self.inp = util.cappedreader(self.inp,
+ int(wsgienv[r'HTTP_CONTENT_LENGTH']))
+elif r'CONTENT_LENGTH' in wsgienv:
+self.inp = util.cappedreader(self.inp,
+ int(wsgienv[r'CONTENT_LENGTH']))
+
 self.err = wsgienv[r'wsgi.errors']
 self.threaded = wsgienv[r'wsgi.multithread']
 self.multiprocess = wsgienv[r'wsgi.multiprocess']



To: indygreg, #hg-reviewers
Cc: mercurial-devel
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

D2768: hgweb: use a capped reader for WSGI input stream

D2768: hgweb: use a capped reader for WSGI input stream

D2768: hgweb: use a capped reader for WSGI input stream

3 matches

Site Navigation

Mail list logo

Footer information