fix AttachFile XSS issues
authorThomas Waldmann <tw AT waldmann-edv DOT de>
Sun, 11 Jan 2009 22:18:04 +0100
changeset 42358cb4d34ccbc1
parent 4231 af8cea9bfcda
child 4236 2420b2aa34e8
child 4253 dffb00e59a3d
fix AttachFile XSS issues
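--- a/MoinMoin/action/AttachFile.py	Wed Jan 07 01:17:06 2009 +0100
+++ b/MoinMoin/action/AttachFile.py	Sun Jan 11 22:18:04 2009 +0100
@@ -438,7 +438,7 @@
     'pngpath': pngpath, 'timestamp': timestamp,
     'pubpath': pubpath, 'drawpath': drawpath,
     'savelink': savelink, 'pagelink': pagelink, 'helplink': helplink,
-    'basename': basename
+    'basename': wikiutil.escape(basename),
 })
 
 
@@ -482,7 +482,7 @@
     'action_name': action_name,
     'upload_label_file': _('File to upload'),
     'upload_label_rename': _('Rename to'),
-    'rename': request.form.get('rename', [''])[0],
+    'rename': wikiutil.escape(request.form.get('rename', [''])[0], 1),
     'upload_label_overwrite': _('Overwrite existing attachment of same name'),
     'overwrite_checked': ('', 'checked')[request.form.get('overwrite', ['0'])[0] == '1'],
     'upload_button': _('Upload'),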
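Review bot: In the first hunk `basename` is escaped with the one-argument form, while `rename` in the second hunk passes the quote flag. The template that consumes this dict starts above the hunk and is not visible here; if it places `%(basename)s` inside a quoted attribute value, a double quote in the attachment name would still close the attribute. Suggest `'basename': wikiutil.escape(basename, 1),` so both values are safe in attribute context. The sibling entries `pngpath`, `pubpath` and `drawpath` in the same dict are passed through unescaped and appear to be derived from the same name, so it is worth confirming they are URL-quoted where they are built. Both dict literals begin outside their hunks, and the second also ends outside its hunk.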