diff roundup/cgi/wsgi_handler.py @ 5665:ab37c1705dbf maint-1.6

Fix XSS issue in wsgi and cgi when handling url not found/404. issue2551035
author John Rouillard <rouilj@ieee.org>
date Fri, 22 Mar 2019 18:16:11 -0400
parents 7aa72c31464d
children
--- a/roundup/cgi/wsgi_handler.py	Thu Mar 07 15:42:21 2019 +0100
+++ b/roundup/cgi/wsgi_handler.py	Fri Mar 22 18:16:11 2019 -0400
@@ -66,7 +66,7 @@
             client.main()
         except roundup.cgi.client.NotFound:
             request.start_response([('Content-Type', 'text/html')], 404)
-            request.wfile.write('Not found: %s'%client.path)
+            request.wfile.write('Not found: %s'%cgi.escape(client.path))
 
         # all body data has been written using wfile
         return []
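Review bot: the new `cgi.escape(client.path)` call on the `+` line depends on the `cgi` module being imported in this file, and the hunk does not show that import; please confirm `import cgi` is present at module level so the 404 path does not raise a NameError instead of rendering. Two further points on the same line: `cgi.escape` is deprecated in Python 3 (and removed in 3.8), so if this branch is expected to run on Python 3 at some point, `html.escape` is the forward-compatible replacement; and with its default `quote=False`, `cgi.escape` only converts `&`, `<` and `>`, which is sufficient here because the path is written into the text body of the 404 response, not into an attribute value. If this same escaping is being applied to the cgi handler mentioned in the commit message, that change is not in this hunk and should be reviewed with the same checks.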

Roundup Issue Tracker: http://roundup-tracker.org/