[Webware-checkins] r6353 - Webware/trunk/WebKit
From: <updates@we...> - 2007-03-24 12:05
Author: chrisz Date: Sat Mar 24 06:05:28 2007 New Revision: 6353 Modified: Webware/trunk/WebKit/HTTPExceptions.py Log: Fixed security issue in HTTPExceptions.py (as suggested by Michael Hanselmann 2007-03-23). Modified: Webware/trunk/WebKit/HTTPExceptions.py ============================================================================== --- Webware/trunk/WebKit/HTTPExceptions.py (original) +++ Webware/trunk/WebKit/HTTPExceptions.py Sat Mar 24 06:05:28 2007 @@ -10,6 +10,7 @@ into responses. In various places these can also be caught and changed, for instance an `HTTPAuthenticationRequired` could be turned into a normal login page. + """ from WebUtils.Funcs import htmlEncode @@ -77,7 +78,8 @@ """The HTML body of the page.""" body = self.htDescription() if self.args: - body += ''.join(['<p>%s</p>\n' % str(l) for l in self.args]) + body += ''.join(['<p>%s</p>\n' + % htmlEncode(str(p)) for p in self.args]) return body def description(self): @@ -268,7 +270,7 @@ page = trans.application()._404Page if page: uri = trans.request().uri() - return page % uri + return page % htmlEncode(uri) else: return HTTPException.html(self) |
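Review bot: in the hunk at @@ -77,7 +78,8 @@, `body = self.htDescription()` is still concatenated without encoding while every entry of `self.args` now goes through `htmlEncode`. Please confirm that `htDescription()` never carries request-derived text, and say in the method docstring that `args` are treated as plain text, since any caller that passed markup in `args` will now see it rendered literally.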
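Review bot: in the hunk at @@ -268,7 +270,7 @@, `return page % htmlEncode(uri)` is only sufficient where the `_404Page` template substitutes the URI into HTML text content. If a configured template places it inside an attribute value or a script block, the result depends on which characters `htmlEncode` covers, so a comment near `_404Page` stating the expected substitution context, plus a test with a URI containing `<` and `"`, would make the guarantee explicit.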