2
# Patch: http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7
3
# Description: XSS fix for login action
5
diff -Nur moin-1.5.8/MoinMoin/action/login.py moin-1.5.8.new/MoinMoin/action/login.py
6
--- moin-1.5.8/MoinMoin/action/login.py 2006-05-11 11:24:00.000000000 -0500
7
+++ moin-1.5.8.new/MoinMoin/action/login.py 2009-01-29 17:29:20.000000000 -0600
9
if not user.isValidName(request, name):
10
error = _("""Invalid user name {{{'%s'}}}.
11
Name may contain any Unicode alpha numeric character, with optional one
12
-space between words. Group page name is not allowed.""") % name
13
+space between words. Group page name is not allowed.""") % wikiutil.escape(name)
15
# Check that user exists
16
elif not user.getUserId(request, name):
17
error = _('Unknown user name: {{{"%s"}}}. Please enter'
18
- ' user name and password.') % name
19
+ ' user name and password.') % wikiutil.escape(name)