Description

xmlrpc_putPage in http://hg.moinmo.in/moin/1.6/file/02f68dc10be0/MoinMoin/xmlrpc/__init__.py does not escape the given page name and so on. Maybe it should be escaped in http://hg.moinmo.in/moin/1.6/file/02f68dc10be0/MoinMoin/Page.py Page.__init__(...)

Steps to reproduce

The following code (replace <yourwikihere> with your wiki address):

    import xmlrpclib  # Python 2 standard library, as used by MoinMoin 1.6

    if __name__ == "__main__":
        url = "http://<yourwikihere>/?action=xmlrpc2"
        wiki = xmlrpclib.ServerProxy(url)
        # The page name sent is the four characters  / / \ "
        print wiki.putPage("//\\\"", "foobar")

Creates a page that cannot be accessed via http://<yourwikihere>/RecentChanges

And if you access it by other means, all kinds of ugly things happen.
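
The boundary check this report asks for, as an added Python 3 example that is not MoinMoin's code: the handler canonicalizes the page name before the emptiness test and stores the page under the canonical form only. `normalize_pagename` here is a simplified stand-in with assumed rules; `Fault`, `put_page` and the dict-backed store are hypothetical.

```python
import re

# Assumed rule set for this sketch; MoinMoin's real rules live in
# wikiutil.normalize_pagename and the wiki configuration.
# Matches control characters that str.split() does not treat as whitespace.
_NON_WS_CONTROL = re.compile(r"[\x00-\x08\x0e-\x1b\x7f]")


def normalize_pagename(name):
    """Return a canonical page name, or "" if nothing usable remains."""
    name = _NON_WS_CONTROL.sub("", name)
    parts = []
    for part in name.split("/"):
        part = " ".join(part.split())  # trim and collapse whitespace
        if part:                       # drop empty path components
            parts.append(part)
    return "/".join(parts)


class Fault(Exception):
    """Stand-in for xmlrpclib.Fault so the sketch runs without a server."""

    def __init__(self, code, message):
        super().__init__(message)
        self.code = code


def put_page(store, raw_name, text):
    """Hypothetical handler: normalize first, validate second, store last."""
    name = normalize_pagename(raw_name)
    if not name:
        # A name made only of separators or whitespace ends up here.
        raise Fault("INVALID", "pagename can't be empty")
    store[name] = text
    return name  # report the name that was actually used


if __name__ == "__main__":
    pages = {}  # constructed in-memory page store
    # Constructed inputs; the first is the name from the report.
    for raw in ['//\\"', "  Foo //  Bar\tBaz ", " / / "]:
        try:
            print(repr(raw), "->", repr(put_page(pages, raw, "foobar")))
        except Fault as exc:
            print(repr(raw), "-> Fault", exc.code, exc)
```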

Component selection

Again:

xmlrpc_putPage in http://hg.moinmo.in/moin/1.6/file/02f68dc10be0/MoinMoin/xmlrpc/__init__.py does not escape the given page name and so on. Maybe it should be escaped in http://hg.moinmo.in/moin/1.6/file/02f68dc10be0/MoinMoin/Page.py Page.__init__(...)

Details

MoinMoin Version

1.6

Workaround

Discussion

We need wikiutil.normalize_pagename

diff -r da5a971ef2de MoinMoin/xmlrpc/__init__.py
--- a/MoinMoin/xmlrpc/__init__.py       Sun Nov 22 23:57:38 2009 +0100
+++ b/MoinMoin/xmlrpc/__init__.py       Fri Nov 27 17:35:58 2009 +0100
@@ -531,7 +531,7 @@
         """
 
         pagename = self._instr(pagename)
-
+        pagename = wikiutil.normalize_pagename(pagename, self.cfg)
         if not pagename:
             return xmlrpclib.Fault("INVALID", "pagename can't be empty")
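
Review bot: The added `normalize_pagename` line fixes only this one call site, while the report suggests the name may need handling centrally in Page; any other handler in this module that takes a name through `self._instr(pagename)` and passes it on should be checked for the same gap. Placing the call ahead of `if not pagename:` is the right order, because a name that normalizes to an empty string then still gets the INVALID fault. Two things are not visible in the hunk and should be confirmed: that `wikiutil` is imported in this module, and whether the caller is told when the stored name differs from the one it sent. The change also drops the blank line that separated the input conversion from the validation; keeping it would preserve readability. A regression test using the page name from the report would be worth adding with the fix.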

Plan


CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/1.6XmlRpcPutPagePagenameEscape (last edited 2009-11-28 17:01:25 by ReimarBauer)