Fixes OSQA 455. Multiple cross site scripting(XSS) vulnerabilities.

git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@599 0cfe37f9-358a-4d5e-be75-b63607b5c754
justingrant · Oct 5, 2010 · 74a9551 · 74a9551
1 parent 0e41998
commit 74a9551
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/forum/registry.py b/forum/registry.py
@@ -3,6 +3,7 @@
 from django.core.urlresolvers import reverse
 from django.template.defaultfilters import slugify
 from forum.templatetags.extra_tags import get_score_badge
+from forum.utils.html import cleanup_urls
 from forum import settings
 
 
@@ -38,7 +39,7 @@ def can_render(self, context):
 ui.register(ui.FOOTER_LINKS,
             ui.Link(
                     text=_('contact'),
-                    url=lambda u, c: settings.CONTACT_URL and settings.CONTACT_URL or "%s?next=%s" % (reverse('feedback'), c['request'].path),
+                    url=lambda u, c: settings.CONTACT_URL and settings.CONTACT_URL or "%s?next=%s" % (reverse('feedback'), cleanup_urls( c['request'].path)),
                     weight=400),
             SupportLink(_('support'), settings.SUPPORT_URL, attrs={'target': '_blank'}, weight=300),
             ui.Link(_('privacy'), ui.Url('privacy'), weight=200),

diff --git a/forum/urls.py b/forum/urls.py
@@ -144,7 +144,7 @@
                             name='user_recent'),
                         url(r'^%s(?P<id>\d+)/(?P<slug>.*)/$' % _('users/'), app.users.user_profile, name='user_profile'),
                         url(r'^%s$' % _('badges/'), app.meta.badges, name='badges'),
-                        url(r'^%s(?P<id>\d+)/(?P<slug>.*)$' % _('badges/'), app.meta.badge, name='badge'),
+                        url(r'^%s(?P<id>\d+)/(?P<slug>[\w-]+)/?$' % _('badges/'), app.meta.badge, name='badge'),
                         # (r'^admin/doc/' % _('admin/doc'), include('django.contrib.admindocs.urls')),
 
                         url(r'^%s$' % _('upload/'), app.writers.upload, name='upload'),

diff --git a/forum/utils/html.py b/forum/utils/html.py
@@ -1,6 +1,7 @@
 """Utilities for working with HTML."""
 import html5lib
 from html5lib import sanitizer, serializer, tokenizer, treebuilders, treewalkers
+from django.utils.html import strip_tags
 from forum.utils.html2text import HTML2Text
 from django.template import mark_safe
 from forum import settings
@@ -48,6 +49,9 @@ def sanitize_html(html):
     output_generator = s.serialize(stream)
     return u''.join(output_generator)
 
+def cleanup_urls(url):
+    return strip_tags(url)
+
 
 def html2text(s, ignore_tags=(), indent_width=4, page_width=80):
     ignore_tags = [t.lower() for t in ignore_tags]