From 4d8133ab5cba22d4fcc271422aeb1906a123fcf2 Mon Sep 17 00:00:00 2001
From: Martin
Date: Tue, 5 Feb 2019 09:15:42 +0100
Subject: [PATCH] Update mdx.py

This fixes an unescaped user input vulnerability
---
 src/pyff/mdx.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/pyff/mdx.py b/src/pyff/mdx.py
index 2d00bbcd..f729aee2 100644
--- a/src/pyff/mdx.py
+++ b/src/pyff/mdx.py
@@ -71,6 +71,7 @@ from .i18n import language
 from . import samlmd
 import six
+from cgi import escape
 
 if six.PY2:
     _ = language.ugettext
@@ -576,8 +577,8 @@ def _d(x, do_split=True):
                 pdict['search'] = "/search/"
                 pdict['list'] = "/role/idp.json"
             else:
-                pdict['search'] = "{}.s".format(path)
-                pdict['list'] = "{}.json".format(path)
+                pdict['search'] = "{}.s".format(escape(path, quote=True))
+                pdict['list'] = "{}.json".format(escape(path, quote=True))
             pdict['storage'] = "/storage/"
 
             cherrypy.response.headers['Content-Type'] = 'text/html'
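Review bot: `from cgi import escape` imports a function that has been deprecated since Python 3.2 and was removed in Python 3.8, so on a current interpreter this line raises ImportError at module load and the security fix never runs. The module already branches on `six.PY2`, so the portable form is `try: from html import escape` / `except ImportError: from cgi import escape`. Note that `html.escape` also encodes `'` (as `&#x27;`) by default, which is strictly safer than `cgi.escape(..., quote=True)` for the attribute use in the second hunk.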
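Review bot: `cgi.escape(path, quote=True)` encodes `&`, `<`, `>` and `"` but leaves `'` untouched, so if `pdict['search']` or `pdict['list']` is rendered inside a single-quoted HTML attribute or a JavaScript string literal the injection is only partly closed; the template that consumes `pdict` is not in this hunk, so that output context needs confirming. These two values are built as URL paths (`"{}.s".format(...)`), and HTML-escaping a URL component at construction time is a context mismatch: the cleaner shape is to percent-encode the untrusted segment here, e.g. `quoted = six.moves.urllib.parse.quote(path, safe='/')`, and let the template HTML-escape on output, which also avoids double-escaping if the template already auto-escapes. Any other `pdict` entry derived from `path` in this handler should get the same treatment; the enclosing function starts and ends outside the hunk.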