← Back to branch summary

~ubuntu-branches/ubuntu/hardy/moin/hardy-security

« back to all changes in this revision

Viewing changes to debian/patches/00846_fix_XSS_with_RenamePage_and_DeletePage.patch

  • Committer: Bazaar Package Importer
  • Author(s): Matthias Klose
  • Date: 2007-12-06 17:44:41 UTC
  • mfrom: (0.6.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20071206174441-20bxkrbqdglgh4l7
Tags: 1.5.8-5ubuntu1
https://launchpad.net/bugs/31728
* Merge with Debian; remaining changes:
  - Suggest python-xml (needed for DocBook rendering). LP: #31728.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/00846_fix_XSS_with_RenamePage_and_DeletePage.patch
 
1
 
 
2
# HG changeset patch
 
3
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
 
4
# Date 1189526320 -7200
 
5
# Node ID 4ede07e792dd6c093f262ae79231fb5ba1f35102
 
6
# Parent d0152eeb4499264758c33d320e73db478515ba44
 
7
Fixed XSS issue in RenamePage/DeletePage action
 
8
 
 
9
--- a/MoinMoin/PageEditor.py    Tue Aug 28 14:48:30 2007 +0200
 
10
+++ b/MoinMoin/PageEditor.py    Tue Sep 11 17:58:40 2007 +0200
 
11
@@ -467,7 +467,7 @@ If you don't want that, hit '''%(cancel_
 
12
 
 
13
         pageexists_error = _("""'''A page with the name {{{'%s'}}} already exists.'''
 
14
 
 
15
-Try a different name.""") % (newpagename,)
 
16
+Try a different name.""") % (wikiutil.escape(newpagename), )
 
17
 
 
18
         # Check whether a page with the new name already exists
 
19
         if newpage.exists(includeDeleted=1):
 
20
@@ -518,7 +518,7 @@ Try a different name.""") % (newpagename
 
21
             msg = self.saveText(u"deleted\n", 0, comment=comment or u'')
 
22
             msg = msg.replace(
 
23
                 _("Thank you for your changes. Your attention to detail is appreciated."),
 
24
-                _('Page "%s" was successfully deleted!') % (self.page_name,))
 
25
+                _('Page "%s" was successfully deleted!') % (wikiutil.escape(self.page_name), ))
 
26
             # Then really delete it
 
27
             try:
 
28
                 os.remove(self._text_filename())
 
29
--- a/docs/CHANGES      Tue Aug 28 14:48:30 2007 +0200
 
30
+++ b/docs/CHANGES      Tue Sep 11 17:58:40 2007 +0200
 
31
@@ -34,6 +34,7 @@ Version 1.5.current:
 
32
       rights, but only write rights. Now it checks that the user has write AND
 
33
       delete rights before overwriting a file.
 
34
     * Fixed potential XSS issues related to feeding of gui editor.
 
35
+    * Fixed XSS issue in RenamePage/DeletePage action.
 
36
 
 
37
 Version 1.5.8:
 
38
   New features:
 
39