changeset 5900:c98ec456e493
fix XSS issue, escape page name in rss link
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Sat, 08 Dec 2012 21:55:29 +0100 |
parents | d0567fba754e |
children | b9450db6c129 |
files | MoinMoin/theme/__init__.py |
diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) [+] |
--- a/MoinMoin/theme/__init__.py Sat Dec 08 21:47:40 2012 +0100
+++ b/MoinMoin/theme/__init__.py Sat Dec 08 21:55:29 2012 +0100
@@ -904,7 +904,8 @@
 elif rss_supported and self.cfg.rss_show_page_history_link: link = (u'<link rel="alternate" title="%s: %s" ' u'href="%s" type="application/rss+xml">') % (
- wikiutil.escape(self.cfg.sitename, True), page.page_name,
+ wikiutil.escape(self.cfg.sitename, True),
+ wikiutil.escape(page.page_name, True),
 wikiutil.escape(page.url(self.request, querystr={ 'action': 'rss_rc', 'ddiffs': '1', 'unique': '0', 'diffs': '1', 'show_att': '1',
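Review bot: The added `wikiutil.escape(page.page_name, True)` line has no comment explaining why the quote-escaping argument is needed, so a later cleanup could drop it or revert to the bare name. I would put a comment above the tuple, for example `# page names are user-controlled and land inside a double-quoted attribute, so escape with quote=True`. The diffstat lists only `MoinMoin/theme/__init__.py`, so the changeset appears to ship without a regression test; one rendering this link for a page name containing `"` and `<` would pin the behaviour. The `if` branch that precedes this `elif` starts outside the hunk, so it is worth confirming that it does not interpolate the page name unescaped as well.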