changeset 2204:6a37ecdd79d5

fix cgitb XSS vulnerability (ported from 1.5 repo)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 14 May 2007 21:39:52 +0200
parents 7f76fff062c8
children cfc1595e53dc
files MoinMoin/support/cgitb.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/MoinMoin/support/cgitb.py	Mon May 07 22:50:51 2007 +0200
+++ b/MoinMoin/support/cgitb.py	Mon May 14 21:39:52 2007 +0200
@@ -532,7 +532,7 @@
     def formatOneTextTraceback(self, info):
         """ Separate to enable formatting multiple tracebacks. """
         import traceback
-        return ''.join(traceback.format_exception(*info))
+        return pydoc.html.escape(''.join(traceback.format_exception(*info)))
 
     def textTracebackTemplate(self):
         return '''
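Review bot: The escaping added in `formatOneTextTraceback` is only sufficient for element content, because `pydoc.html.escape` rewrites just `&`, `<` and `>` and leaves quotes untouched. `textTracebackTemplate` starts in this hunk but its body continues outside it, so where the escaped text is interpolated cannot be confirmed from here; if it ever lands in a quoted attribute, the escaping would need to cover quotes as well. The method now returns HTML-escaped text despite its name, so the docstring should say so, e.g. `""" Return one traceback as HTML-escaped text (safe as element content only); separate to enable formatting multiple tracebacks. """`. That would warn callers who reuse it for logs or plain-text output that they will get entities. The new line also relies on `pydoc` being imported at module level, which the hunk does not show, whereas `traceback` is imported locally.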