Changeset - a8f2986afc18
[Not reviewed]
stable
0 5 0
Nick High - 4 years ago 2015-04-12 18:46:25
nick@silverchip.org
security: Fix HTML and JavaScript injection.

This fixes CVE-2015-1864
5 files changed with 10 insertions and 10 deletions:
0 comments (0 inline, 0 general)
kallithea/controllers/admin/repo_groups.py
Show inline comments
...
 
@@ -144,7 +144,7 @@ class RepoGroupsController(BaseControlle
 
            repo_groups_data.append({
 
                "raw_name": repo_gr.group_name,
 
                "group_name": repo_group_name(repo_gr.group_name, children_groups),
 
                "desc": repo_gr.group_description,
 
                "desc": h.escape(repo_gr.group_description),
 
                "repos": repo_count,
 
                "owner": h.person(repo_gr.user),
 
                "action": repo_group_actions(repo_gr.group_id, repo_gr.group_name,
kallithea/controllers/admin/user_groups.py
Show inline comments
...
 
@@ -113,7 +113,7 @@ class UserGroupsController(BaseControlle
 
                "raw_name": user_gr.users_group_name,
 
                "group_name": user_group_name(user_gr.users_group_id,
 
                                              user_gr.users_group_name),
 
                "desc": user_gr.user_group_description,
 
                "desc": h.escape(user_gr.user_group_description),
 
                "members": len(user_gr.members),
 
                "active": h.boolicon(user_gr.users_group_active),
 
                "owner": h.person(user_gr.user.username),
kallithea/controllers/admin/users.py
Show inline comments
...
 
@@ -96,8 +96,8 @@ class UsersController(BaseController):
 
                "gravatar": grav_tmpl % h.gravatar(user.email, size=20),
 
                "raw_name": user.username,
 
                "username": username(user.user_id, user.username),
 
                "firstname": user.name,
 
                "lastname": user.lastname,
 
                "firstname": h.escape(user.name),
 
                "lastname": h.escape(user.lastname),
 
                "last_login": h.fmt_date(user.last_login),
 
                "last_login_raw": datetime_to_time(user.last_login),
 
                "active": h.boolicon(user.active),
kallithea/model/repo.py
Show inline comments
...
 
@@ -138,8 +138,8 @@ class RepoModel(BaseModel):
 
        return json.dumps([
 
            {
 
                'id': u.user_id,
 
                'fname': u.name,
 
                'lname': u.lastname,
 
                'fname': h.escape(u.name),
 
                'lname': h.escape(u.lastname),
 
                'nname': u.username,
 
                'gravatar_lnk': h.gravatar_url(u.email, size=28),
 
                'gravatar_size': 14,
...
 
@@ -210,9 +210,9 @@ class RepoModel(BaseModel):
 

	
 
        def desc(desc):
 
            if c.visual.stylify_metatags:
 
                return h.urlify_text(h.desc_stylize(h.truncate(desc, 60)))
 
                return h.urlify_text(h.desc_stylize(h.escape(h.truncate(desc, 60))))
 
            else:
 
                return h.urlify_text(h.truncate(desc, 60))
 
                return h.urlify_text(h.escape(h.truncate(desc, 60)))
 

	
 
        def state(repo_state):
 
            return _render("repo_state", repo_state)
kallithea/templates/summary/summary.html
Show inline comments
...
 
@@ -85,9 +85,9 @@ summary = lambda n:{False:'summary-short
 
                  <label>${_('Description')}:</label>
 
              </div>
 
                 %if c.visual.stylify_metatags:
 
                   <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(c.db_repo.description))}</div>
 
                   <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(h.escape(c.db_repo.description)))}</div>
 
                 %else:
 
                   <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(c.db_repo.description)}</div>
 
                   <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.escape(c.db_repo.description))}</div>
 
                 %endif
 
            </div>
 

	
0 comments (0 inline, 0 general)