Files @ df930758dcf7
Branch filter:

Location: kallithea/init.d/kallithea-upstart.conf - annotation

df930758dcf7 759 B text/plain Show Source Show as Raw Download as Raw
mads
repos: extra HTML escaping of repo and repo group names shown in DataTables

These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.

raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.

just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
e285bb7abb28
e285bb7abb28
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
2c3d30095d5e
99ad9d0af1a3
99ad9d0af1a3
e285bb7abb28
99ad9d0af1a3

# kallithea - run the kallithea daemon as an upstart job
# Change variables/paths as necessary and place file /etc/init/kallithea.conf
# start/stop/restart as normal upstart job (ie: $ start kallithea)

description     "Kallithea Mercurial Server"
author          "Matt Zuba <matt.zuba@goodwillaz.org"

start on (local-filesystems and runlevel [2345])
stop on runlevel [!2345]

respawn

umask 0022

env PIDFILE=/var/hg/kallithea/kallithea.pid
env LOGFILE=/var/hg/kallithea/log/kallithea.log
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
env GROUP=hg

exec /var/hg/.virtualenvs/kallithea/bin/gearbox serve --user=$USER --group=$GROUP --pid-file=$PIDFILE --log-file=$LOGFILE -c $APPINI

post-stop script
    rm -f $PIDFILE
end script
Server instance: clio-18444 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support