patch XSS related to directories, remove redundant text editor file load

This commit is contained in:
Kyle Drake 2017-01-17 21:20:34 -08:00
parent eed42b7558
commit e95dd99c29
3 changed files with 36 additions and 36 deletions


@ -32,7 +32,7 @@ post '/site_files/create' do
name = current_site.scrubbed_path name
if current_site.file_exists?(name)
flash[:error] = %{Web page "#{name}" already exists! Choose another name.}
flash[:error] = %{Web page "#{Rack::Utils.escape_html name}" already exists! Choose another name.}
redirect redirect_uri
end
@ -67,7 +67,9 @@ post '/site_files/create' do
site_file.save
end
flash[:success] = %{#{name} was created! <a style="color: #FFFFFF; text-decoration: underline" href="/site_files/text_editor/#{name}">Click here to edit it</a>.}
escaped_name = Rack::Utils.escape_html name
flash[:success] = %{#{escaped_name} was created! <a style="color: #FFFFFF; text-decoration: underline" href="/site_files/text_editor/#{escaped_name}">Click here to edit it</a>.}
redirect redirect_uri
end
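Review bot: In the new success flash, `escaped_name` is HTML-escaped but never URL-encoded before it is interpolated into the `href` path, so a name containing `#`, `?`, `%` or a space no longer injects markup but still yields a link to the wrong editor URL. The text and the attribute are different contexts: the visible text needs only `escape_html`, while the path segment should be path-escaped first and then HTML-escaped for the attribute, e.g. `href="/site_files/text_editor/#{Rack::Utils.escape_html(Rack::Utils.escape_path(name))}"` (assuming the Rack version in use provides `escape_path`; otherwise `Rack::Utils.escape` with `+` handling). Whether `current_site.scrubbed_path` already restricts the character set enough to make this moot cannot be seen here, so it is worth confirming against that helper. Since the flash is evidently rendered as raw HTML (it carries an anchor tag), every other value interpolated into a flash in this file needs the same treatment, which suggests a small helper rather than ad-hoc escaping at each site. The enclosing `post '/site_files/create'` route begins before both hunks shown here.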