diff roundup/cgi/wsgi_handler.py @ 5664:5579fa034f9e

Fix XSS issue in wsgi and cgi when handling url not found/404. issue2551035
author John Rouillard <rouilj@ieee.org>
date Fri, 22 Mar 2019 18:16:11 -0400
parents dccf9b7e5ee4
children 1a835db41674
--- a/roundup/cgi/wsgi_handler.py	Fri Mar 22 14:43:21 2019 +0100
+++ b/roundup/cgi/wsgi_handler.py	Fri Mar 22 18:16:11 2019 -0400
@@ -69,7 +69,7 @@
             client.main()
         except roundup.cgi.client.NotFound:
             request.start_response([('Content-Type', 'text/html')], 404)
-            request.wfile.write(s2b('Not found: %s'%client.path))
+            request.wfile.write(s2b('Not found: %s'%cgi.escape(client.path)))
 
         # all body data has been written using wfile
         return []
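
Review bot: on the added `request.wfile.write(...)` line in the `NotFound` handler, `cgi.escape` is a poor long-term choice: it has been deprecated since Python 3.2 and was removed in Python 3.8, so on a newer interpreter this 404 path would raise AttributeError instead of returning the page. Prefer `html.escape(client.path)`, with a fallback to `cgi.escape` only where Python 2 still has to be supported (the `s2b` helper suggests both are in play). Two smaller points: this diff has no hunk adding `import cgi`, so confirm the module is already imported in wsgi_handler.py, and note that `cgi.escape` leaves quote characters unescaped by default, which is adequate here because the path lands in element text, but would not be if the value were ever moved into an attribute.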

Roundup Issue Tracker: http://roundup-tracker.org/