sec: serialize the repo name in repo checks to prevent potential html injections.
marcink -
r2547:0fd8208e stable
@@ -27,6 +27,7 b' from rhodecode.apps._base import BaseApp'
27 from rhodecode.lib import helpers as h
27 from rhodecode.lib import helpers as h
28 from rhodecode.lib.auth import (NotAnonymous, HasRepoPermissionAny)
28 from rhodecode.lib.auth import (NotAnonymous, HasRepoPermissionAny)
29 from rhodecode.model.db import Repository
29 from rhodecode.model.db import Repository
30 from rhodecode.model.validation_schema.types import RepoNameType
30
31
31 log = logging.getLogger(__name__)
32 log = logging.getLogger(__name__)
32
33
@@ -43,8 +44,8 b' class RepoChecksView(BaseAppView):'
43 renderer='rhodecode:templates/admin/repos/repo_creating.mako')
44 renderer='rhodecode:templates/admin/repos/repo_creating.mako')
44 def repo_creating(self):
45 def repo_creating(self):
45 c = self.load_default_context()
46 c = self.load_default_context()
46
47 repo_name = self.request.matchdict['repo_name']
47 repo_name = self.request.matchdict['repo_name']
48 repo_name = RepoNameType().deserialize(None, repo_name)
48 db_repo = Repository.get_by_repo_name(repo_name)
49 db_repo = Repository.get_by_repo_name(repo_name)
49
50
50 # check if maybe repo is already created
51 # check if maybe repo is already created
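Review bot: The added `RepoNameType().deserialize(None, repo_name)` in `repo_creating` has no visible handling for input the type rejects, and because `None` is passed as the node, any validation error raised there would carry no schema context; presumably that surfaces as a server error rather than a 404, which is worth confirming. Since the stated goal is preventing HTML injection, the `repo_creating.mako` template should still escape `repo_name` wherever it is rendered, because normalizing the input in this one view does not cover other code paths that place the name into markup. A short why-comment on the new line would help the next reader, e.g. `# normalize the untrusted URL segment before lookup and rendering`. The body of `repo_creating` continues past the end of the hunk, so any handling further down is not visible here.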