Mercurial > moin > 1.9

changeset 6120:eceb70c41ecc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
security: fix XSS in AttachFile view (multifile related) CVE-2016-7148
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 28 Oct 2016 21:30:38 +0200
parents c506e1897d93
children 1563d6db198c
files MoinMoin/action/AttachFile.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py	Fri Oct 28 17:03:20 2016 +0200
+++ b/MoinMoin/action/AttachFile.py	Fri Oct 28 21:30:38 2016 +0200
@@ -527,7 +527,7 @@
             delete=_("delete"),
             move=_("move to page"),
             copy=_("copy to page"),
-            pagename=pagename,
+            pagename=wikiutil.escape(pagename),
             submit=_("Do it."),
 ))
         html.append("</form>")