2 files changed, +3 -1 lines changed
@@ -203,6 +203,7 @@ def page_list(request):
203203def link_dialog (request ):
204204 # list of wiki pages
205205 name = request .values .get ("pagename" , "" )
206+ name_escaped = wikiutil .escape (name )
206207 if name :
207208 from MoinMoin import search
208209 # XXX error handling!
@@ -299,7 +300,7 @@ def link_dialog(request):
299300 <tr>
300301 <td>
301302 <span fckLang="PageDlgName">Page Name</span><br>
302- <input id="txtPagename" name="pagename" size="30" value="%(name )s">
303+ <input id="txtPagename" name="pagename" size="30" value="%(name_escaped )s">
303304 </td>
304305 <td valign="bottom">
305306 <input id=btnSearchpage type="submit" value="Search">
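Review bot: in the `txtPagename` input the value is interpolated inside a double-quoted attribute (`value="%(name_escaped )s"`), so the escaping has to cover `"` as well as `&`, `<` and `>`. Nothing in the visible lines shows how `wikiutil .escape (name )` treats double quotes. Please confirm that the call as written converts them to `&quot;`, and if it does not do so by default, request quote escaping explicitly where `name_escaped` is assigned. A regression test that submits a `pagename` containing a double quote and checks that the rendered `value` attribute stays intact would pin this down.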
@@ -23,6 +23,7 @@ Version 1.9.10 aka "the end of spam release" (not released yet)
2323 should be aware of beforehands.
2424
2525 Fixes:
26+ * security fix for CVE-2017-5934, XSS in GUI editor related code
2627 * fix wrong digestmod of hmac.new calls (incorporate 1.9.9 patch)
2728 * fix broken table attribute processing (wikiutil.escape)
2829 * fix AttributeError in multifile action
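Review bot: the new Fixes entry names the CVE but not the affected code path, "GUI editor related code" being all an administrator gets. Consider mentioning the link dialog and its `pagename` parameter so that readers of the changelog can judge whether their installation is exposed and what to retest after upgrading.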