Without looking at the code, I don't believe environment variables are
exposed to the templating system.
That could be a potential feature. However, in the context of the HTTP
server and the hg server process it could be a security issue because the
process may be running as a separate user and have access to
privileged/secret environment variables. Anyone with the power to craft a
templating string could exfiltrate secrets from the process. I'm unsure if
the logic in my security assessment is sound. But my gut tells me this
would be a dangerous feature to have.
On Sun, Jan 23, 2022 at 5:37 AM Norman Gray <g...@nxg.name> wrote:
>
> Greetings.
>
> I have an hgweb server running behind nginx, which talks to it via
> uwsgi. I want to get access to the REQUEST_URI uwsgi environment
> variable within a template (ie, one of the .tmpl files), but can't work
> out how to.
>
> Looking at the code of request.py, I can see that the environment is
> bundled up into a dict-valued rawenv attribute in a parsedrequest
> object, and that the REQUEST_URI environment variable is in there. So
> the information is... nearby, but I can't for the life of me work out
> how to get at it from within a template.
>
> I've tried {rawenv%REQUEST_URI} and {rawenv.REQUEST_URI}, and
> (get(rawenv,'REQUEST_URI')}, so it's clear that my initial guess, that
> the various relevant dictionaries are in scope to be looked up by the
> Mercurial template language, is wrong. As you can see, though I've
> looked at request.py, I haven't gone through it in enough detail to be
> confident about how the information is moving about.
>
> I'm conscious, of course, that there may be a horde of documentation I'm
> simply missing, so I'm very happy to RTFM if I can find where the full
> FM is located.
>
> Why do I want this? Because of the way I've laid out the URLs here, with
> some non-trivial (but not insane) URL rewriting, I've made things a bit
> hard for myself: in the template, {url} doesn't expand to the actual URI
> from the client point of view, but instead to the ‘real’ location
> after rewriting. It's the client-visible URL I want to manipulate in
> the template.
>
> I've looked at a few recent months in the list archive, and at entries
> in the bugparade [1] (both open and a quick look through the closed
> ones), but I haven't stumbled across any discussion of a similar issue.
> I did ask a question on stackoverflow [2], but I don't think that's
> currently a rich source of Hg help, unfortunately.
>
> Thanks for any pointers,
>
> Norman
>
>
> [1]
>
> https://bz.mercurial-scm.org/buglist.cgi?bug_status=__open__&content=hgweb&no_redirect=1&order=Importance&query_format=specific
> [2]
>
> https://stackoverflow.com/questions/70237641/hgweb-access-to-rawenv-or-request-uri-within-a-template
>
> --
> Norman Gray : https://nxg.me.uk
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel@mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
>
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
