changeset 6054:7dd392e803fa

security fix: XSS in useragents stats
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Wed, 20 Aug 2014 10:52:31 +0200
parents f9da0da53a43
children b9fe16430474
files MoinMoin/stats/useragents.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/MoinMoin/stats/useragents.py	Mon Aug 04 23:36:41 2014 +0200
+++ b/MoinMoin/stats/useragents.py	Wed Aug 20 10:52:31 2014 +0200
@@ -106,7 +106,7 @@
     if total:
         for cnt, ua in data:
             try:
-                ua = unicode(ua)
+                ua = wikiutil.escape(unicode(ua))
                 agents.addRow((ua, "%.2f" % (100.0 * cnt / total)))
                 cnt_printed += cnt
             except UnicodeError:
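Review bot: The new `ua = wikiutil.escape(unicode(ua))` line carries no hint of why the escape is there, so a later cleanup could drop it again; a comment above it such as `# ua is the client-supplied User-Agent string; escape it before it goes into the HTML table` would make the trust boundary explicit. If this cell can ever end up inside an attribute value rather than element text, quote escaping matters too, and as far as I recall `wikiutil.escape` leaves quotes alone unless its `quote` argument is set, so that is worth confirming against the code that renders `agents`. The hunk adds no import and the diffstat shows a single changed line, so `wikiutil` is presumably already imported in useragents.py; check this, because a NameError would not be caught by the `except UnicodeError` below. The enclosing function starts and ends outside the hunk, so other values added to the table elsewhere in it cannot be checked from here.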