changeset 6121:1563d6db198c
security: fix XSS in GUI editor's attachment dialogue CVE-2016-7146
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Fri, 28 Oct 2016 21:33:38 +0200 |
parents | eceb70c41ecc |
children | 3bddf075fdbd |
files | MoinMoin/action/fckdialog.py |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
--- a/MoinMoin/action/fckdialog.py Fri Oct 28 21:30:38 2016 +0200
+++ b/MoinMoin/action/fckdialog.py Fri Oct 28 21:33:38 2016 +0200
@@ -381,7 +381,7 @@
 requestedPagename = wikiutil.escape(request.values.get("requestedPagename", ""), quote=True)
 destinationPagename = wikiutil.escape(request.values.get("destinationPagename", request.page.page_name), quote=True)
- attachmentsPagename = requestedPagename or request.page.page_name
+ attachmentsPagename = requestedPagename or wikiutil.escape(request.page.page_name)
 attachments = _get_files(request, attachmentsPagename)
 attachments.sort()
 attachmentList = '''
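Review bot: The added `wikiutil.escape(request.page.page_name)` omits `quote=True`, unlike the two escapes directly above it, so quote characters in the page name are presumably left unescaped. If `attachmentsPagename` is later written into an HTML attribute value (the rest of the function is outside this hunk), the fix would be incomplete; I would use `attachmentsPagename = requestedPagename or wikiutil.escape(request.page.page_name, quote=True)`. Separately, the escaped string is what the next line passes to `_get_files(request, attachmentsPagename)`, so a page whose name contains `&`, `<` or `>` would apparently be looked up under its HTML-encoded name. Keeping the raw name for the lookup and escaping only where the value is emitted into the dialog markup would avoid both problems.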