XSS fix for login action, thanks to Fernando Quintero for reporting this
author Thomas Waldmann <tw AT waldmann-edv DOT de>
Sun Jan 20 17:36:42 2008 +0100 (2 years ago)
changeset 854 2f952fa361c7
parent 853 dbe95b27954a
child 855 e69a16b6e630
MoinMoin/action/login.py
docs/CHANGES
     1.1 --- a/MoinMoin/action/login.py	Fri Jan 18 21:40:23 2008 +0100
     1.2 +++ b/MoinMoin/action/login.py	Sun Jan 20 17:36:42 2008 +0100
     1.3 @@ -40,12 +40,12 @@
     1.4              if not user.isValidName(request, name):
     1.5                   error = _("""Invalid user name {{{'%s'}}}.
     1.6  Name may contain any Unicode alpha numeric character, with optional one
     1.7 -space between words. Group page name is not allowed.""") % name
     1.8 +space between words. Group page name is not allowed.""") % wikiutil.escape(name)
     1.9  
    1.10              # Check that user exists
    1.11              elif not user.getUserId(request, name):
    1.12                  error = _('Unknown user name: {{{"%s"}}}. Please enter'
    1.13 -                             ' user name and password.') % name
    1.14 +                             ' user name and password.') % wikiutil.escape(name)
    1.15  
    1.16              # Require password
    1.17              else:
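Review bot: both changed lines (the "Invalid user name" and "Unknown user name" messages) call wikiutil.escape(), but the patch has no hunk adding an import of wikiutil to MoinMoin/action/login.py, so please confirm the module is already imported there; if it is not, both error paths fail with a NameError instead of showing the message. Escaping at each format site is also easy to miss when another message is added: consider escaping name once into a separate display-only variable before the if/elif chain (keeping the raw value for user.isValidName and user.getUserId) and using that variable in every message, including anything built in the "Require password" branch that follows. The changeset touches only login.py and docs/CHANGES, so a regression test that submits a name containing markup characters and checks the rendered error would be worth adding.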
     2.1 --- a/docs/CHANGES	Fri Jan 18 21:40:23 2008 +0100
     2.2 +++ b/docs/CHANGES	Sun Jan 20 17:36:42 2008 +0100
     2.3 @@ -43,6 +43,7 @@
     2.4      * added missing data/plugin/converter package
     2.5      * Fixed Despam action (same editor grouping was broken), now looking for
     2.6        spam edits in the last 30 days.
     2.7 +    * Fixed XSS issue in login action.
     2.8  
     2.9  Version 1.5.8:
    2.10    New features:
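Review bot: the added CHANGES line "Fixed XSS issue in login action." does not say which input was affected, which makes it hard for an administrator reading the changelog to judge exposure. Suggest naming it, for example "Fixed XSS issue in login action (user name was not escaped in error messages)", and crediting the reporter here as the commit message does.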