comparison MoinMoin/action/login.py @ 5685:37306fba2189

Fixing security issues related to MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg (possible XSS)
author Eugene Syromyatnikov <evgsyr@gmail.com>
date Fri, 04 Jun 2010 00:13:24 +0400
parents 2a3a6cb34e45
children 4238b0c90871 f8871116c6b3
5684:0d76fbaa3cd9 5685:37306fba2189
66 return self.handle_multistage() 66 return self.handle_multistage()
67 error = [] 67 error = []
68 if hasattr(request, '_login_messages'): 68 if hasattr(request, '_login_messages'):
69 for msg in request._login_messages: 69 for msg in request._login_messages:
70 error.append('<p>') 70 error.append('<p>')
71 error.append(msg) 71 error.append(wikiutil.escape(msg))
72 error = ''.join(error) 72 error = ''.join(error)
73 request.theme.add_msg(error, "error") 73 request.theme.add_msg(error, "error")
74 return self.page.send_page() 74 return self.page.send_page()
75 75
76 else: # show login form 76 else: # show login form
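
Review bot: The escaping added at line 71 covers only this call site, while `request.theme.add_msg(error, "error")` at line 73 still receives a string that is treated as markup (the literal `<p>` from line 70 is passed through unchanged), so every other caller of `add_msg` has to remember to escape its own input. Consider documenting on `add_msg` that its argument is trusted HTML, or giving it an escaping path so callers cannot forget. Two smaller points: the hunk does not show an import of `wikiutil`, so confirm login.py already has one, and the `<p>` opened at line 70 is never closed, so appending `'</p>'` after the escaped message would keep the generated markup well-formed. Note also that any auth method that deliberately put markup into `request._login_messages` will now have it rendered as literal text, which is worth stating in the commit message.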