Fixed XSS issue in RenamePage/DeletePage action
authorThomas Waldmann <tw AT waldmann-edv DOT de>
Tue, 11 Sep 2007 17:58:40 +0200
changeset 8464ede07e792dd
parent 844 d0152eeb4499
child 847 e74d8f2f0d9b
Fixed XSS issue in RenamePage/DeletePage action
MoinMoin/PageEditor.py
docs/CHANGES
     1.1 --- a/MoinMoin/PageEditor.py	Tue Aug 28 14:48:30 2007 +0200
     1.2 +++ b/MoinMoin/PageEditor.py	Tue Sep 11 17:58:40 2007 +0200
     1.3 @@ -467,7 +467,7 @@
     1.4  
     1.5          pageexists_error = _("""'''A page with the name {{{'%s'}}} already exists.'''
     1.6  
     1.7 -Try a different name.""") % (newpagename,)
     1.8 +Try a different name.""") % (wikiutil.escape(newpagename), )
     1.9  
    1.10          # Check whether a page with the new name already exists
    1.11          if newpage.exists(includeDeleted=1):
    1.12 @@ -518,7 +518,7 @@
    1.13              msg = self.saveText(u"deleted\n", 0, comment=comment or u'')
    1.14              msg = msg.replace(
    1.15                  _("Thank you for your changes. Your attention to detail is appreciated."),
    1.16 -                _('Page "%s" was successfully deleted!') % (self.page_name,))
    1.17 +                _('Page "%s" was successfully deleted!') % (wikiutil.escape(self.page_name), ))
    1.18              # Then really delete it
    1.19              try:
    1.20                  os.remove(self._text_filename())
     2.1 --- a/docs/CHANGES	Tue Aug 28 14:48:30 2007 +0200
     2.2 +++ b/docs/CHANGES	Tue Sep 11 17:58:40 2007 +0200
     2.3 @@ -34,6 +34,7 @@
     2.4        rights, but only write rights. Now it checks that the user has write AND
     2.5        delete rights before overwriting a file.
     2.6      * Fixed potential XSS issues related to feeding of gui editor.
     2.7 +    * Fixed XSS issue in RenamePage/DeletePage action.
     2.8  
     2.9  Version 1.5.8:
    2.10    New features: