← Back to branch summary

~ubuntu-branches/ubuntu/intrepid/moin/intrepid-security

« back to all changes in this revision

Viewing changes to debian/patches/30003_CVE-2009-1482.patch

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-05-08 14:10:40 UTC
  • Revision ID: james.westby@ubuntu.com-20090508141040-pma5hyh6nqslr1ah
Tags: 1.7.1-1ubuntu1.2
* SECURITY UPDATE: Multiple XSS vulnerabilities in action/AttachFile.py
  - debian/patches/30003_CVE-2009-1482.patch: escape msg, pagename and
    attachment_name in MoinMoin/action/AttachFile.py.
  - CVE-2009-1482

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/30003_CVE-2009-1482.patch
 
1
#
 
2
# Description: fix multiple XSS vulnerabilities in action/AttachFile.py
 
3
# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526594
 
4
# Patch: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
 
5
# Patch: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
 
6
#
 
7
diff -Nur moin-1.7.1/MoinMoin/action/AttachFile.py moin-1.7.1.new/MoinMoin/action/AttachFile.py
 
8
--- moin-1.7.1/MoinMoin/action/AttachFile.py    2009-05-08 14:10:19.000000000 -0400
 
9
+++ moin-1.7.1.new/MoinMoin/action/AttachFile.py        2009-05-08 14:10:35.000000000 -0400
 
10
@@ -387,6 +387,7 @@
 
11
 
 
12
 
 
13
 def error_msg(pagename, request, msg):
 
14
+    msg = wikiutil.escape(msg)
 
15
     request.theme.add_msg(msg, "error")
 
16
     Page(request, pagename).send_page()
 
17
 
 
18
@@ -512,7 +513,7 @@
 
19
     if handler:
 
20
         msg = handler(pagename, request)
 
21
     else:
 
22
-        msg = _('Unsupported AttachFile sub-action: %s') % (wikiutil.escape(do[0]), )
 
23
+        msg = _('Unsupported AttachFile sub-action: %s') % do[0]
 
24
     if msg:
 
25
         error_msg(pagename, request, msg)
 
26
 
 
27
@@ -522,6 +523,8 @@
 
28
 
 
29
 
 
30
 def upload_form(pagename, request, msg=''):
 
31
+    if msg:
 
32
+        msg = wikiutil.escape(msg)
 
33
     _ = request.getText
 
34
 
 
35
     request.emit_http_headers()
 
36
@@ -746,9 +749,9 @@
 
37
          'baseurl': request.getScriptname(),
 
38
          'do': 'attachment_move',
 
39
          'ticket': wikiutil.createTicket(request),
 
40
-         'pagename': pagename,
 
41
+         'pagename': wikiutil.escape(pagename, 1),
 
42
          'pagename_quoted': wikiutil.quoteWikinameURL(pagename),
 
43
-         'attachment_name': filename,
 
44
+         'attachment_name': wikiutil.escape(filename, 1),
 
45
          'move': _('Move'),
 
46
          'cancel': _('Cancel'),
 
47
          'newname_label': _("New page name"),
 
48
@@ -838,13 +841,13 @@
 
49
 
 
50
     if package.isPackage():
 
51
         if package.installPackage():
 
52
-            msg = _("Attachment '%(filename)s' installed.") % {'filename': wikiutil.escape(target)}
 
53
+            msg = _("Attachment '%(filename)s' installed.") % {'filename': target}
 
54
         else:
 
55
-            msg = _("Installation of '%(filename)s' failed.") % {'filename': wikiutil.escape(target)}
 
56
+            msg = _("Installation of '%(filename)s' failed.") % {'filename': target}
 
57
         if package.msg:
 
58
-            msg += "<br><pre>%s</pre>" % wikiutil.escape(package.msg)
 
59
+            msg += " " + package.msg
 
60
     else:
 
61
-        msg = _('The file %s is not a MoinMoin package file.') % wikiutil.escape(target)
 
62
+        msg = _('The file %s is not a MoinMoin package file.') % target
 
63
 
 
64
     upload_form(pagename, request, msg=msg)
 
65
 
 
66
@@ -948,7 +951,7 @@
 
67
         logging.exception("An exception within zip file attachment handling occurred:")
 
68
         msg = _("A severe error occurred:") + ' ' + str(err)
 
69
 
 
70
-    upload_form(pagename, request, msg=wikiutil.escape(msg))
 
71
+    upload_form(pagename, request, msg=msg)
 
72
 
 
73
 
 
74
 def send_viewfile(pagename, request):