Mercurial > kallithea
view init.d/celeryd-upstart.conf @ 7552:e74aa69f6827 stable
lib: sanitize HTML for all types of README rendering, not only markdown
The repository summary page will display a rendered version of the
repository 'readme' based on its file extension. In commit 5746cc3b3fa5,
the rendered output was already sanitized when the input was markdown.
However, also readmes written in other formats, like ReStructuredText (RST)
or plain text could have content that we want sanitized.
Therefore, move the sanitizing one level up so it covers all renderers, for
now and the future.
This fixes an XSS issue when a repository readme contains javascript code,
which would be executed when the repository summary page is visited by a
user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Sat, 26 Jan 2019 20:27:50 +0100 |
| parents | 24c0d584ba86 |
| children | e285bb7abb28 |
line wrap: on
line source
# celeryd - run the celeryd daemon as an upstart job for kallithea # Change variables/paths as necessary and place file /etc/init/celeryd.conf # start/stop/restart as normal upstart job (ie: $ start celeryd) description "Celery for Kallithea Mercurial Server" author "Matt Zuba <matt.zuba@goodwillaz.org" start on starting kallithea stop on stopped kallithea respawn umask 0022 env PIDFILE=/tmp/celeryd.pid env APPINI=/var/hg/kallithea/production.ini env HOME=/var/hg env USER=hg # To use group (if different from user), you must edit sudoers file and change # root's entry from (ALL) to (ALL:ALL) # env GROUP=hg script COMMAND="/var/hg/.virtualenvs/kallithea/bin/paster celeryd $APPINI --pidfile=$PIDFILE" if [ -z "$GROUP" ]; then exec sudo -u $USER $COMMAND else exec sudo -u $USER -g $GROUP $COMMAND fi end script post-stop script rm -f $PIDFILE end script