Mercurial > moin > 1.9
changeset 5854:de8ebe586126
action/rss_rc.py: removed addition of page_pattern URL parameter value in RSS description comment to prevent possible arbitrary code injection issues.
| author | Eugene Syromyatnikov <evgsyr@gmail.com> |
|---|---|
| date | Sat, 19 May 2012 19:21:44 +0400 |
| parents | e1a4caec2513 |
| children | 3315eb3e4012 |
| files | MoinMoin/action/rss_rc.py |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/action/rss_rc.py Fri May 18 13:44:53 2012 +0400 +++ b/MoinMoin/action/rss_rc.py Sat May 19 19:21:44 2012 +0400 @@ -186,7 +186,7 @@ ' \n' ' Current settings: items=%(max_items)i, unique=%(unique)i, \n' ' diffs=%(diffs)i, ddiffs=%(ddiffs)i, lines=%(max_lines)i, \n' - ' show_att=%(show_att)i, page=%(page_pattern)s\n' + ' show_att=%(show_att)i\n' '-->\n' % locals() ).encode(config.charset))