changeset 5854:de8ebe586126

action/rss_rc.py: removed addition of page_pattern URL parameter value in RSS description comment to prevent possible arbitrary code injection issues.
author Eugene Syromyatnikov <evgsyr@gmail.com>
date Sat, 19 May 2012 19:21:44 +0400
parents e1a4caec2513
children 3315eb3e4012
files MoinMoin/action/rss_rc.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/rss_rc.py	Fri May 18 13:44:53 2012 +0400
+++ b/MoinMoin/action/rss_rc.py	Sat May 19 19:21:44 2012 +0400
@@ -186,7 +186,7 @@
             '    \n'
             '    Current settings: items=%(max_items)i, unique=%(unique)i, \n'
             '    diffs=%(diffs)i, ddiffs=%(ddiffs)i, lines=%(max_lines)i, \n'
-            '    show_att=%(show_att)i, page=%(page_pattern)s\n'
+            '    show_att=%(show_att)i\n'
             '-->\n' % locals()
             ).encode(config.charset))