diff MoinMoin/action/AttachFile.py @ 6120:eceb70c41ecc

security: fix XSS in AttachFile view (multifile related) CVE-2016-7148
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 28 Oct 2016 21:30:38 +0200
parents c506e1897d93
children cb45a8287559
--- a/MoinMoin/action/AttachFile.py	Fri Oct 28 17:03:20 2016 +0200
+++ b/MoinMoin/action/AttachFile.py	Fri Oct 28 21:30:38 2016 +0200
@@ -527,7 +527,7 @@
             delete=_("delete"),
             move=_("move to page"),
             copy=_("copy to page"),
-            pagename=pagename,
+            pagename=wikiutil.escape(pagename),
             submit=_("Do it."),
 ))
         html.append("</form>")
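Review bot: The added `wikiutil.escape(pagename)` relies on the default `quote=0`, which escapes `&`, `<` and `>` but leaves `"` untouched. The template that consumes `%(pagename)s` sits above this hunk and is not visible here. If the placeholder lands inside an HTML attribute value, such as a `value="..."` on an input, a page name containing a double quote could still break out of the attribute. Using `pagename=wikiutil.escape(pagename, quote=1),` would be safe in both text and attribute contexts. The enclosing function starts and ends outside the hunk, so any other request-derived values interpolated into the same form template are worth checking for the same treatment.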