fix XSS in Despam action (CVE-2010-0828) - thanks to Jamie Strandboge (Ubuntu) for fixing
Bug-Ubuntu: https://launchpad.net/bugs/538022
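--- a/MoinMoin/action/Despam.py Thu Feb 25 16:51:33 2010 +0100
+++ b/MoinMoin/action/Despam.py Tue Mar 30 22:19:42 2010 +0200
@@ -173,14 +173,14 @@
 if repr(line.getInterwikiEditorData(request)) == editor:
 revertpages.append(line.pagename)
 
- request.write("Pages to revert:<br>%s" % "<br>".join(revertpages))
+ request.write("Pages to revert:<br>%s" % "<br>".join([wikiutil.escape(p) for p in revertpages]))
 for pagename in revertpages:
- request.write("Begin reverting %s ...<br>" % pagename)
+ request.write("Begin reverting %s ...<br>" % wikiutil.escape(pagename))
 msg = revert_page(request, pagename, editor)
 if msg:
 request.write("<p>%s: %s</p>" % (
 Page.Page(request, pagename).link_to(request), msg))
- request.write("Finished reverting %s.<br>" % wikiutil.escape(pagename))
+ request.write("Finished reverting %s.<br>" % wikiutil.escape(pagename))
 
 def execute(pagename, request):
 _ = request.getText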
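Review bot: `msg` is still interpolated unescaped in the `request.write("<p>%s: %s</p>" % (...))` call inside the loop, while the three page-name writes around it now pass through `wikiutil.escape`. `revert_page` is defined outside this hunk, so it cannot be confirmed here whether its return value can carry a page name, an editor comment or other user-controlled text. If it is plain text, the second tuple element should be `wikiutil.escape(msg)`; if it may legitimately contain markup, a comment such as `# msg is trusted HTML produced by revert_page, do not escape` next to the write would record that decision. The enclosing function starts before the hunk, so any earlier writes of `editor` or page names in it are not covered by this review.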