diff frontends/roundup.cgi @ 5664:5579fa034f9e

Fix XSS issue in wsgi and cgi when handling url not found/404. issue2551035
author John Rouillard <rouilj@ieee.org>
date Fri, 22 Mar 2019 18:16:11 -0400
parents e0c83bf2e628
children 032e5db8bf2f
--- a/frontends/roundup.cgi	Fri Mar 22 14:43:21 2019 +0100
+++ b/frontends/roundup.cgi	Fri Mar 22 18:16:11 2019 -0400
@@ -181,7 +181,7 @@
                 request.send_response(404)
                 request.send_header('Content-Type', 'text/html')
                 request.end_headers()
-                out.write(s2b('Not found: %s'%client.path))
+                out.write(s2b('Not found: %s'%cgi.escape(client.path)))
 
     else:
         from roundup.anypy import urllib_
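Review bot: `cgi.escape` on the added line is deprecated since Python 3.2 and removed in Python 3.8, so under a 3.8+ interpreter this 404 path would raise `AttributeError` instead of returning the escaped page; prefer `html.escape(client.path)` (or a small version-aware wrapper) here, and confirm the `cgi` module is actually imported in this file, since the import is not visible in the hunk. The escaping itself is the right fix for reflecting `client.path` into a `text/html` body, and `cgi.escape`'s default of not escaping quotes is acceptable in this element-content context. Separately, the commit message says "wsgi and cgi" but this diff touches only `frontends/roundup.cgi`; make sure the wsgi 404 handler receives the same treatment.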

Roundup Issue Tracker: http://roundup-tracker.org/