kallithea Files · init.d/celeryd-upstart.conf

Files @ 04e44ea05c5f

Branch filter:

Location: kallithea/init.d/celeryd-upstart.conf - annotation

04e44ea05c5f 904 B text/plain Show Source Show as Raw Download as Raw

Thomas De Schampheleire

compare: prevent XSS due to unescaped branch/tag/bookmark names

In the revision selection dropdown of the 'Compare' functionality, the
branch/tag/bookmark names were not correctly escaped.

This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks.

99ad9d0af1a3
58df0b3ed377
58df0b3ed377
58df0b3ed377
24c0d584ba86
58df0b3ed377
58df0b3ed377
99ad9d0af1a3
99ad9d0af1a3
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
99ad9d0af1a3
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
99ad9d0af1a3
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377
58df0b3ed377

# celeryd - run the celeryd daemon as an upstart job for kallithea
# Change variables/paths as necessary and place file /etc/init/celeryd.conf
# start/stop/restart as normal upstart job (ie: $ start celeryd)

description	"Celery for Kallithea Mercurial Server"
author		"Matt Zuba <matt.zuba@goodwillaz.org"

start on starting kallithea
stop on stopped kallithea

respawn

umask 0022

env PIDFILE=/tmp/celeryd.pid
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
# To use group (if different from user), you must edit sudoers file and change
# root's entry from (ALL) to (ALL:ALL)
# env GROUP=hg

script
    COMMAND="/var/hg/.virtualenvs/kallithea/bin/paster celeryd $APPINI --pidfile=$PIDFILE"
    if [ -z "$GROUP" ]; then
        exec sudo -u $USER $COMMAND
    else
        exec sudo -u $USER -g $GROUP $COMMAND
    fi
end script

post-stop script
    rm -f $PIDFILE
end script