changeset 6122:3bddf075fdbd
security: fix XSS in GUI editor's link dialogue CVE-2016-9119
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
date | Mon, 31 Oct 2016 20:34:11 +0100 |
parents | 1563d6db198c |
children | 8537503261b1 |
files | MoinMoin/action/fckdialog.py |
diffstat | 1 files changed, 5 insertions(+), 4 deletions(-) [+] |
--- a/MoinMoin/action/fckdialog.py Fri Oct 28 21:33:38 2016 +0200
+++ b/MoinMoin/action/fckdialog.py Mon Oct 31 20:34:11 2016 +0100
@@ -198,7 +198,7 @@
 </table>
 </body>
 </html>
-''' % "".join(["<option>%s</option>\n" % p for p in pages]))
+''' % "".join(["<option>%s</option>\n" % wikiutil.escape(p) for p in pages]))
 def link_dialog(request):
 # list of wiki pages
@@ -219,7 +219,7 @@
 </select>
 <td>
 </tr>
-''' % "\n".join(['<option value="%s">%s</option>' % (page, page)
+''' % "\n".join(['<option value="%s">%s</option>' % (wikiutil.escape(page), wikiutil.escape(page))
 for page in pages])
 else:
 page_list = ""
@@ -237,13 +237,14 @@
 else:
 resultlist = iwpreferred[:-1]
 interwiki = "\n".join(
-['<option value="%s">%s</option>' % (key, key) for key in resultlist])
+['<option value="%s">%s</option>' % (wikiutil.escape(key), wikiutil.escape(key))
+for key in resultlist])
 # wiki url
 url_prefix_static = request.cfg.url_prefix_static
 scriptname = request.script_root + '/'
 action = scriptname
-basepage = request.page.page_name
+basepage = wikiutil.escape(request.page.page_name)
 request.write(u'''
 <!--
 * FCKeditor - The text editor for internet
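Review bot: The escaped values in the second and third hunks are interpolated into double-quoted `value="%s"` attributes, but the call is the default `wikiutil.escape(page)`; if that default leaves `"` untouched (the helper takes a `quote` flag for exactly this), a name containing a double quote can still close the attribute, so the attribute sites should use `wikiutil.escape(page, quote=1)` and `wikiutil.escape(key, quote=1)`, while the text-node sites are fine as written. In the third hunk `basepage` is escaped once at assignment, which is only correct if every later use of it in the `request.write(u'''` template below is an HTML text or attribute context; if it is also embedded in a JavaScript string of the FCKeditor dialog, HTML escaping does not cover that and the value needs JS-string escaping at that point, so that use should be checked. A short comment at the assignment, `# HTML-escaped here; do not reuse in a JS-string context`, would make the intended context explicit for the next maintainer. The bodies of `link_dialog` and the function containing the first hunk start and end outside the hunks.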