diff MoinMoin/action/AttachFile.py @ 3267:65be8803b8df

Attachfile.getAttachUrl: fixed upload tainting of rename
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Sun, 16 Mar 2008 17:50:51 +0100
parents f62792cb2d24
children 99e7f184541f
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py	Sun Mar 16 17:35:30 2008 +0100
+++ b/MoinMoin/action/AttachFile.py	Sun Mar 16 17:50:51 2008 +0100
@@ -88,10 +88,10 @@
     if upload:
         if not drawing:
             url = attachUrl(request, pagename, filename,
-                            rename=filename, action=action_name)
+                            rename=wikiutil.taintfilename(filename), action=action_name)
         else:
             url = attachUrl(request, pagename, filename,
-                            rename=filename, drawing=drawing, action=action_name)
+                            rename=wikiutil.taintfilename(filename), drawing=drawing, action=action_name)
     else:
         if not drawing:
             url = attachUrl(request, pagename, filename,