changeset 5637:6e603e5411ca

fix XSS in Despam action (CVE-2010-0828) - thanks to Jamie Strandboge (Ubuntu) for fixing Bug-Ubuntu: https://launchpad.net/bugs/538022
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 30 Mar 2010 22:19:42 +0200
parents 369a2c879eb6
children 788131dd21c3 0d76fbaa3cd9
files MoinMoin/action/Despam.py
diffstat 1 files changed, 3 insertions(+), 3 deletions(-) [+]
--- a/MoinMoin/action/Despam.py	Thu Feb 25 16:51:33 2010 +0100
+++ b/MoinMoin/action/Despam.py	Tue Mar 30 22:19:42 2010 +0200
@@ -173,14 +173,14 @@
             if repr(line.getInterwikiEditorData(request)) == editor:
                 revertpages.append(line.pagename)
 
-    request.write("Pages to revert:<br>%s" % "<br>".join(revertpages))
+    request.write("Pages to revert:<br>%s" % "<br>".join([wikiutil.escape(p) for p in revertpages]))
     for pagename in revertpages:
-        request.write("Begin reverting %s ...<br>" % pagename)
+        request.write("Begin reverting %s ...<br>" % wikiutil.escape(pagename))
         msg = revert_page(request, pagename, editor)
         if msg:
             request.write("<p>%s: %s</p>" % (
                 Page.Page(request, pagename).link_to(request), msg))
-        request.write("Finished reverting %s.<br>" % pagename)
+        request.write("Finished reverting %s.<br>" % wikiutil.escape(pagename))
 
 def execute(pagename, request):
     _ = request.getText
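Review bot: The `request.write("<p>%s: %s</p>" % (...))` call inside the revert loop still interpolates `msg` into the HTML response unescaped, while the three neighbouring writes now go through `wikiutil.escape`. `revert_page` is defined outside this hunk, so it is not visible here whether `msg` can carry a page name or other editor-supplied text. If it is plain text rather than intentional markup, the second tuple element should be `wikiutil.escape(msg)`. A short comment above the loop would keep later writes consistent, for example `# page names come from the edit log and are untrusted; escape everything written into the HTML response`. The enclosing function begins above the hunk, so the `wikiutil` import could not be checked from these lines.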