Commits on Source (4)
1.11.0 2017-11-xx
1.11.1 2019-08-06
~~~~~~~~~~~~~~~~~
Fixes:
- Fix Cross Site Scripting (XSS) issue in demo service. Fix for #322 did not
properly escaped input used in JavaScript examples.
A targeted attack could be used for information disclosure. For
example: Session cookies of a third party application running on
the same domain.
1.11.0 2017-11-20
~~~~~~~~~~~~~~~~~
Improvements:
......
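Review bot: the new 1.11.1 entry has a grammar slip in its first bullet, "did not properly escaped input" should read "did not properly escape input". The entry would also be easier to act on if it named the affected component more precisely than "demo service", for example by saying that the demo service can be disabled in deployments that do not need it, if that is the case.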
mapproxy (1.11.1-1) unstable; urgency=high
* New upstream release.
Fixes XSS issue in demo service, see:
https://github.com/mapproxy/mapproxy/issues/322
-- Bas Couwenberg <sebastic@debian.org> Tue, 06 Aug 2019 13:00:23 +0200
mapproxy (1.11.0-4) unstable; urgency=medium
* Bump Standards-Version to 4.4.0, no changes.
......
......@@ -51,7 +51,7 @@ copyright = u'Oliver Tonnhofer, Omniscale'
# The short X.Y version.
version = '1.11'
# The full version, including alpha/beta/rc tags.
release = '1.11.0'
release = '1.11.1'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
......
......@@ -22,7 +22,6 @@ import os
import pkg_resources
import mimetypes
from collections import defaultdict
from xml.sax.saxutils import escape
from mapproxy.config.config import base_config
from mapproxy.compat import PY2
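Review bot: this import block loses one line (7 lines become 6), and the `escape` name from `xml.sax.saxutils` is redefined at the bottom of the module in a later hunk. Reusing the same name means every existing call site silently switches to the new behaviour, including the removal of quote characters. A distinct function name would make the changed call sites visible in the diff and easier to audit.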
......@@ -258,3 +257,15 @@ class DemoServer(Server):
return True
return False
return True
def escape(data):
"""
Escape user-provided input data for safe inclusion in HTML _and_ JS to prevent XSS.
"""
data = data.replace('&', '&amp;')
data = data.replace('>', '&gt;')
data = data.replace('<', '&lt;')
data = data.replace("'", '')
data = data.replace('"', '')
return data
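Review bot: the docstring of `escape()` promises safety for HTML "_and_ JS", but the replacements only cover `&`, `>`, `<`, `'` and `"`. Backslashes and line terminators pass through unchanged, so the function is not a complete encoder for a JavaScript string context; a value ending in a backslash, for instance, would consume the closing quote of the literal it is placed in. Quotes are also deleted rather than encoded (`data.replace("'", '')`), which silently alters legitimate values. Suggest one encoder per output context (HTML entity encoding that maps quotes to entities for markup, JSON-style string encoding for values placed in script), or at minimum handling backslash and newline here. No test for the new function is visible in this comparison; a unit test covering these inputs would guard against a second regression of the #322 fix.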
......@@ -54,7 +54,7 @@ def long_description(changelog_releases=10):
setup(
name='MapProxy',
version="1.11.0",
version="1.11.1",
description='An accelerating proxy for tile and web map services',
long_description=long_description(7),
author='Oliver Tonnhofer',
......