[Checkins] SVN: grokui.admin/trunk/src/grokui/admin/security.py Escape security notes.

Uli Fouquet uli at gnufix.de
Tue Dec 23 11:36:52 EST 2008


Log message for revision 94291:
  Escape security notes.

Changed:
  U   grokui.admin/trunk/src/grokui/admin/security.py

-=-
Modified: grokui.admin/trunk/src/grokui/admin/security.py
===================================================================
--- grokui.admin/trunk/src/grokui/admin/security.py	2008-12-23 16:11:08 UTC (rev 94290)
+++ grokui.admin/trunk/src/grokui/admin/security.py	2008-12-23 16:36:52 UTC (rev 94291)
@@ -16,6 +16,7 @@
 The machinery to do home-calling security notifications.
 """
 import grok
+import cgi
 import time
 import urllib2
 import urlparse
@@ -123,7 +124,8 @@
         opener = urllib2.build_opener(http_handler)
         req = urllib2.Request(url)
         try:
-            self._message = opener.open(req).read()
+            message = opener.open(req).read()
+            self._message = cgi.escape(message)
             self._warningstate = True
         except (urllib2.HTTPError, OSError), e:
             if (getattr(e, 'code', None) == 404) or (
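Review bot: `cgi.escape(message)` on the added line escapes only `&`, `<` and `>`; with the default `quote=False` a double quote in the fetched text passes through unchanged, and this function never escapes single quotes. If `_message` is ever rendered inside an HTML attribute (the template is not visible here, so this is an assumption), the remote response could still break out of that attribute; `self._message = cgi.escape(message, True)` covers the double-quote case. Escaping at fetch time also means `_message` now holds HTML entities, so a template that escapes on output would double-escape it; a comment such as `# stored HTML-escaped: body comes from a remote server` would make that contract explicit. The enclosing method starts and ends outside the hunk.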


