# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1189526320 -7200
# Node ID 4ede07e792dd6c093f262ae79231fb5ba1f35102
# Parent d0152eeb4499264758c33d320e73db478515ba44
Fixed XSS issue in RenamePage/DeletePage action
--- a/MoinMoin/PageEditor.py Tue Aug 28 14:48:30 2007 +0200
10
+++ b/MoinMoin/PageEditor.py Tue Sep 11 17:58:40 2007 +0200
11
@@ -467,7 +467,7 @@ If you don't want that, hit '''%(cancel_
13
pageexists_error = _("""'''A page with the name {{{'%s'}}} already exists.'''
15
-Try a different name.""") % (newpagename,)
16
+Try a different name.""") % (wikiutil.escape(newpagename), )
18
# Check whether a page with the new name already exists
19
if newpage.exists(includeDeleted=1):
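Review bot: The escaping on the `% (wikiutil.escape(newpagename), )` line is applied at the call site with nothing recording why, so the next message built as `_(...) % (name,)` can easily repeat the bug. The substitution runs after `_()` returns, so the page name goes into the final message text unchanged; that this text is then emitted as HTML is inferred from the commit title, not visible in the hunk. I would add a comment above `pageexists_error`, for example `# msg is output as HTML: escape every user-supplied value interpolated after _()`, and the same applies to the `self.page_name` line in the second hunk of this file. The other messages in these two methods that interpolate a page name lie outside the lines shown and are worth checking for the same pattern.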
20
@@ -518,7 +518,7 @@ Try a different name.""") % (newpagename
21
msg = self.saveText(u"deleted\n", 0, comment=comment or u'')
23
_("Thank you for your changes. Your attention to detail is appreciated."),
24
- _('Page "%s" was successfully deleted!') % (self.page_name,))
25
+ _('Page "%s" was successfully deleted!') % (wikiutil.escape(self.page_name), ))
26
# Then really delete it
28
os.remove(self._text_filename())
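Review bot: On the `_('Page "%s" was successfully deleted!') % (wikiutil.escape(self.page_name), )` line the name sits between literal double quotes, and `wikiutil.escape` with its default arguments, as far as I know, replaces only `&`, `<` and `>`. That is sufficient while `msg` is written as element content; if the message can also end up inside an attribute value, the call should be `wikiutil.escape(self.page_name, 1)` so that `"` is escaped too. The statement this line belongs to starts outside the visible lines, so where `msg` goes afterwards has to be confirmed in the caller. A regression test that deletes a page whose name contains `<` and asserts `&lt;` in the returned message would pin the fix.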
29
--- a/docs/CHANGES Tue Aug 28 14:48:30 2007 +0200
30
+++ b/docs/CHANGES Tue Sep 11 17:58:40 2007 +0200
31
@@ -34,6 +34,7 @@ Version 1.5.current:
32
rights, but only write rights. Now it checks that the user has write AND
33
delete rights before overwriting a file.
34
* Fixed potential XSS issues related to feeding of gui editor.
35
+ * Fixed XSS issue in RenamePage/DeletePage action.