Encyclopedia: Fix XSS vulnerability (LP: #1832773)

2021-01-28 04:04:04 +01:00
parent 2b012a7075
commit b4cde99a4d
2 changed files with 2 additions and 2 deletions
--- a/Encyclopedia/init.py
+++ b/Encyclopedia/init.py
@ -24,7 +24,7 @@ import supybot
 import supybot.world as world
 from importlib import reload

-__version__ = "3.2.2"
+__version__ = "3.3.0"
 __author__ = supybot.Author("Krytarik Raido", "krytarik", "krytarik@gmail.com")
 __contributors__ = {
    supybot.Author("Dennis Kaarsemaker", "Seveas", "dennis@kaarsemaker.net"): ['Original Author'],
--- a/Encyclopedia/factoids.cgi
+++ b/Encyclopedia/factoids.cgi
@ -87,7 +87,7 @@ else:
    total = cur.fetchall()[0][0]

 # Pagination links
-plink = ' <a href="factoids.cgi?db=%s&amp;search=%s&amp;order=%%s&amp;page=%%s">%%s</a>' % (database, search)
+plink = ' <a href="factoids.cgi?db=%s&amp;search=%s&amp;order=%%s&amp;page=%%s">%%s</a>' % (database, utils.web.urlquote(search))
 npages = int(math.ceil(float(total) / NUM_PER_PAGE))
 print(' &middot;\n'.join(list(map(lambda x: plink % (order_url, x, x) if x != page else str(x), range(1, npages+1)))))