diff MoinMoin/action/CopyPage.py @ 5685:37306fba2189

Fixing security issues related to MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg (possible XSS)
author Eugene Syromyatnikov <evgsyr@gmail.com>
date Fri, 04 Jun 2010 00:13:24 +0400
parents e9a2cbcf5479
children 4238b0c90871
line wrap: on
line diff
--- a/MoinMoin/action/CopyPage.py	Fri Jun 04 00:08:29 2010 +0400
+++ b/MoinMoin/action/CopyPage.py	Fri Jun 04 00:13:24 2010 +0400
@@ -87,7 +87,7 @@
     def get_form_html(self, buttons_html):
         _ = self._
         if self.users_subpages:
-            subpages = ' '.join(self.users_subpages)
+            subpages = ' '.join([wikiutil.escape(page) for page in self.users_subpages])
 
             d = {
                 'textcha': TextCha(self.request).render(),