comparison MoinMoin/action/AttachFile.py @ 6120:eceb70c41ecc

security: fix XSS in AttachFile view (multifile related) CVE-2016-7148
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 28 Oct 2016 21:30:38 +0200
parents c506e1897d93
children cb45a8287559
comparison
equal deleted inserted replaced
6119:c506e1897d93 6120:eceb70c41ecc
525 all_files=_('All files'), 525 all_files=_('All files'),
526 sel_files=_("Selected Files:"), 526 sel_files=_("Selected Files:"),
527 delete=_("delete"), 527 delete=_("delete"),
528 move=_("move to page"), 528 move=_("move to page"),
529 copy=_("copy to page"), 529 copy=_("copy to page"),
530 pagename=pagename, 530 pagename=wikiutil.escape(pagename),
531 submit=_("Do it."), 531 submit=_("Do it."),
532 )) 532 ))
533 html.append("</form>") 533 html.append("</form>")
534 534
535 else: 535 else: