kallithea Changeset - a8f2986afc18

Changeset - a8f2986afc18

Parent rev.

Child rev.

[Not reviewed]

stable

0 5 0

Nick High - 11 years ago 2015-04-12 20:46:25
nick@silverchip.org

security: Fix HTML and JavaScript injection.

This fixes CVE-2015-1864

5 files changed with 10 insertions and 10 deletions:

kallithea/controllers/admin/repo_groups.py

kallithea/controllers/admin/user_groups.py

kallithea/controllers/admin/users.py

kallithea/model/repo.py

kallithea/templates/summary/summary.html

0 comments (0 inline, 0 general)

kallithea/controllers/admin/repo_groups.py

➞

Show inline comments

@@ @@ -141,13 +141,13 @@ class RepoGroupsController(BaseControlle @@
                 itertools.chain((g.name for g in repo_gr.parents),
                                 (x.name for x in [repo_gr])))
             repo_count = repo_gr.repositories.count()
             repo_groups_data.append({
                 "raw_name": repo_gr.group_name,
                 "group_name": repo_group_name(repo_gr.group_name, children_groups),
                 "desc": repo_gr.group_description,
+                "desc": h.escape(repo_gr.group_description),
                 "repos": repo_count,
                 "owner": h.person(repo_gr.user),
                 "action": repo_group_actions(repo_gr.group_id, repo_gr.group_name,
                                              repo_count)
             })

kallithea/controllers/admin/user_groups.py

➞

Show inline comments

@@ @@ -110,13 +110,13 @@ class UserGroupsController(BaseControlle @@
         for user_gr in group_iter:
             user_groups_data.append({
                 "raw_name": user_gr.users_group_name,
                 "group_name": user_group_name(user_gr.users_group_id,
                                               user_gr.users_group_name),
                 "desc": user_gr.user_group_description,
+                "desc": h.escape(user_gr.user_group_description),
                 "members": len(user_gr.members),
                 "active": h.boolicon(user_gr.users_group_active),
                 "owner": h.person(user_gr.user.username),
                 "action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name)
             })

kallithea/controllers/admin/users.py

➞

Show inline comments

@@ @@ -93,14 +93,14 @@ class UsersController(BaseController): @@
         for user in c.users_list:
             users_data.append({
                 "gravatar": grav_tmpl % h.gravatar(user.email, size=20),
                 "raw_name": user.username,
                 "username": username(user.user_id, user.username),
                 "firstname": user.name,
                 "lastname": user.lastname,
                 "firstname": h.escape(user.name),
                 "lastname": h.escape(user.lastname),
                 "last_login": h.fmt_date(user.last_login),
                 "last_login_raw": datetime_to_time(user.last_login),
                 "active": h.boolicon(user.active),
                 "admin": h.boolicon(user.admin),
                 "extern_type": user.extern_type,
                 "extern_name": user.extern_name,

kallithea/model/repo.py

➞

Show inline comments

@@ @@ -135,14 +135,14 @@ class RepoModel(BaseModel): @@
     def get_users_js(self):
         users = self.sa.query(User).filter(User.active == True).all()
         return json.dumps([
+            {
                 'id': u.user_id,
                 'fname': u.name,
                 'lname': u.lastname,
                 'fname': h.escape(u.name),
                 'lname': h.escape(u.lastname),
                 'nname': u.username,
                 'gravatar_lnk': h.gravatar_url(u.email, size=28),
                 'gravatar_size': 14,
             } for u in users]
+        )
@@ @@ -207,15 +207,15 @@ class RepoModel(BaseModel): @@
             return _render('revision', repo_name, cs_cache.get('revision'),
                            cs_cache.get('raw_id'), cs_cache.get('author'),
                            cs_cache.get('message'))
         def desc(desc):
             if c.visual.stylify_metatags:
                 return h.urlify_text(h.desc_stylize(h.truncate(desc, 60)))
+                return h.urlify_text(h.desc_stylize(h.escape(h.truncate(desc, 60))))
             else:
                 return h.urlify_text(h.truncate(desc, 60))
+                return h.urlify_text(h.escape(h.truncate(desc, 60)))
         def state(repo_state):
             return _render("repo_state", repo_state)
         def repo_actions(repo_name):
             return _render('repo_actions', repo_name, super_user_actions)

kallithea/templates/summary/summary.html

➞

Show inline comments

@@ @@ -82,15 +82,15 @@ summary = lambda n:{False:'summary-short @@
             <div class="field">
               <div class="label-summary">
                   <label>${_('Description')}:</label>
               </div>
                  %if c.visual.stylify_metatags:
                    <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(c.db_repo.description))}</div>
+                   <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(h.escape(c.db_repo.description)))}</div>
                  %else:
                    <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(c.db_repo.description)}</div>
+                   <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.escape(c.db_repo.description))}</div>
                  %endif
             </div>
             <div class="field">
               <div class="label-summary">
                   <label>${_('Trending files')}:</label>

0 comments (0 inline, 0 general)