/[packages]/updates/5/python-werkzeug/current/SOURCES/python-werkzeug-0.11.10-CVE-2016-10516.patch
ViewVC logotype

Contents of /updates/5/python-werkzeug/current/SOURCES/python-werkzeug-0.11.10-CVE-2016-10516.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1186890 - (show annotations) (download)
Fri Dec 29 00:21:00 2017 UTC (17 months, 3 weeks ago) by luigiwalser
File size: 951 byte(s)
add upstream patch to fix CVE-2016-10516
1 From 1034edc7f901dd645ec6e462754111b39002bd65 Mon Sep 17 00:00:00 2001
2 From: Your Name <neargle@outlook.com>
3 Date: Wed, 31 Aug 2016 16:00:55 +0800
4 Subject: [PATCH] fix XSS in debugger
5
6 Fix #1001
7 ---
8 werkzeug/debug/tbtools.py | 2 +-
9 1 files changed, 1 insertions(+), 1 deletion(-)
10
11 diff --git a/werkzeug/debug/tbtools.py b/werkzeug/debug/tbtools.py
12 index 42f9d928d..2ee4718cb 100644
13 --- a/werkzeug/debug/tbtools.py
14 +++ b/werkzeug/debug/tbtools.py
15 @@ -358,7 +358,7 @@ def render_full(self, evalex=False, secret=None,
16 'exception': exc,
17 'exception_type': escape(self.exception_type),
18 'summary': self.render_summary(include_title=False),
19 - 'plaintext': self.plaintext,
20 + 'plaintext': escape(self.plaintext),
21 'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
22 'traceback_id': self.id,
23 'secret': secret

  ViewVC Help
Powered by ViewVC 1.1.26