diff frontends/roundup.cgi @ 5665:ab37c1705dbf maint-1.6

Fix XSS issue in wsgi and cgi when handling url not found/404. issue2551035
author John Rouillard <rouilj@ieee.org>
date Fri, 22 Mar 2019 18:16:11 -0400
parents 52b0e416f0bc
children
--- a/frontends/roundup.cgi	Thu Mar 07 15:42:21 2019 +0100
+++ b/frontends/roundup.cgi	Fri Mar 22 18:16:11 2019 -0400
@@ -179,7 +179,7 @@
                 request.send_response(404)
                 request.send_header('Content-Type', 'text/html')
                 request.end_headers()
-                out.write('Not found: %s'%client.path)
+                out.write('Not found: %s'%cgi.escape(client.path))
 
     else:
         import urllib
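
Review bot: on the changed out.write line, cgi.escape is called with its default quote=False, so only &, < and > are encoded and quote characters pass through unchanged. That is enough for this spot because client.path is written as element content, but passing the second argument, as in `cgi.escape(client.path, True)`, keeps the output safe if the message is ever moved into an attribute value. cgi.escape is also deprecated since Python 3.2 and removed in 3.8, with html.escape as its replacement, so a comment noting that would help whoever ports this front end. Separately, the unchanged context line above sends Content-Type as 'text/html' with no charset; declaring one on this error page would stop the browser from guessing the encoding of attacker-influenced path text.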

Roundup Issue Tracker: http://roundup-tracker.org/