Mercurial > p > roundup > code
annotate roundup/anypy/hashlib_.py @ 4851:24b8011cd2dc
Fix XSS in issue2550817
Note that the code that triggers that particular bug is no longer in
roundup core. But the change to the templates we suggest is a *lot*
safer as it always escapes the error and ok messages now.
If you are upgrading: you *MUST* read doc/upgrading.txt and do the
necessary changes to your templates, the escaping now happens in the
template and not in the roundup code. So if you don't make the necessary
changes *you are vulnerable*.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Fri, 20 Dec 2013 18:24:10 +0100 |
| parents | 357c6079c73b |
| children |
| rev | line source |
|---|---|
|
4089
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 """ |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 anypy.hashlib_: encapsulation of hashlib/md5/sha1/sha |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 """ |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5 try: |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 from hashlib import md5, sha1 # new in Python 2.5 |
|
4491
357c6079c73b
python2.4 compatibility fix
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4089
diff
changeset
|
7 shamodule = sha1 |
|
4089
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 except ImportError: |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 from md5 import md5 # deprecated in Python 2.6 |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 from sha import sha as sha1 # deprecated in Python 2.6 |
|
4491
357c6079c73b
python2.4 compatibility fix
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4089
diff
changeset
|
11 import sha as shamodule |
|
4089
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
12 |
|
eddb82d0964c
Add compatibility package to allow us to deal with Python versions 2.3..2.6.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
13 # vim: ts=8 sts=4 sw=4 si |