# HG changeset patch
# User Thomas Waldmann
# Date 1231708684 -3600
# Node ID 8cb4d34ccbc1357f57b2c7dc4dcb745a929b27d1
# Parent af8cea9bfcda6c0b8c8f6032f01ee6944effeaea
fix AttachFile XSS issues
diff -r af8cea9bfcda -r 8cb4d34ccbc1 MoinMoin/action/AttachFile.py
--- a/MoinMoin/action/AttachFile.py Wed Jan 07 01:17:06 2009 +0100
+++ b/MoinMoin/action/AttachFile.py Sun Jan 11 22:18:04 2009 +0100
@@ -438,7 +438,7 @@
 'pngpath': pngpath, 'timestamp': timestamp, 'pubpath': pubpath, 'drawpath': drawpath, 'savelink': savelink, 'pagelink': pagelink, 'helplink': helplink,
- 'basename': basename
+ 'basename': wikiutil.escape(basename),
 })
@@ -482,7 +482,7 @@
 'action_name': action_name,
 'upload_label_file': _('File to upload'),
 'upload_label_rename': _('Rename to'),
- 'rename': request.form.get('rename', [''])[0],
+ 'rename': wikiutil.escape(request.form.get('rename', [''])[0], 1),
 'upload_label_overwrite': _('Overwrite existing attachment of same name'),
 'overwrite_checked': ('', 'checked')[request.form.get('overwrite', ['0'])[0] == '1'],
 'upload_button': _('Upload'),
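Review bot: The new `'basename': wikiutil.escape(basename),` line calls escape without the quote flag, unlike the `'rename'` fix in the second hunk, so a double quote in the attachment name passes through unchanged. The template this dict fills is outside the hunk; if it places `%(basename)s` inside a quoted attribute, the line should read `'basename': wikiutil.escape(basename, 1),`. The other entries of the same dict (`pngpath`, `pubpath`, `drawpath`, `savelink`) are built outside the hunk and, if they embed the same name, need their URL-quoting or escaping confirmed.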
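Review bot: The bare `1` in `wikiutil.escape(request.form.get('rename', [''])[0], 1)` is easy to misread as part of the indexing; writing it as `quote=1` shows that double quotes are being escaped as well. A short comment such as `# echoed back into the upload form, so escape quotes too` would record why this entry differs from the translated labels around it. The form template itself is outside the hunk, so where the value lands is inferred from the key name.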