view MoinMoin/xmlrpc/WhoAmI.py @ 5910:7e7e1cbb9d3f

security: fix remote code execution vulnerability in twikidraw/anywikidraw actions We have wikiutil.taintfilename() to make user supplied filenames safe, so that they can't contain any "special" characters like path separators, etc. It is used at many places in moin, but wasn't used here. :|
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 29 Dec 2012 15:05:29 +0100
parents 1b0629547090
children
line wrap: on
line source
# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - Tells who you are and whether the wiki trusts you.

    @copyright: 2005 MoinMoin:ThomasWaldmann
    @license: GNU GPL, see COPYING for details.
"""

def execute(xmlrpcobj, *args):
    request = xmlrpcobj.request
    username = request.user.name
    if not username:
        username = "<unknown user>"
    valid = request.user.valid
    result = "You are %s. valid=%d." % (username.encode("utf-8"), valid)
    return xmlrpcobj._outstr(result)