Mercurial > moin > 1.9
changeset 6120:eceb70c41ecc
security: fix XSS in AttachFile view (multifile related) CVE-2016-7148
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Fri, 28 Oct 2016 21:30:38 +0200 |
parents | c506e1897d93 |
children | 1563d6db198c |
files | MoinMoin/action/AttachFile.py |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py Fri Oct 28 17:03:20 2016 +0200 +++ b/MoinMoin/action/AttachFile.py Fri Oct 28 21:30:38 2016 +0200 @@ -527,7 +527,7 @@ delete=_("delete"), move=_("move to page"), copy=_("copy to page"), - pagename=pagename, + pagename=wikiutil.escape(pagename), submit=_("Do it."), )) html.append("</form>")