security-and-privacy/ldapcherry
security-and-privacy
/
ldapcherry
mirror of https://github.com/kakwa/ldapcherry
1
0
Fork 0
Code Releases Activity

fix html escape for lonely groups

This commit is contained in:
kakwa 2016-07-10 07:40:56 +02:00
parent 0beac119f9
commit c2f6b95fb0
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ldapcherry/__init__.py
View File

@ -59,6 +59,7 @@ class LdapCherry(object):
ret = []
for i in data:
ret.append(cgi.escape(i, True))
return ret
def _escape_dict(self, data):
for d in data:
@ -66,6 +67,8 @@ class LdapCherry(object):
data[d] = self._escape_list(data[d])
elif isinstance(data[d], dict):
data[d] = self._escape_dict(data[d])
elif isinstance(data[d], Set):
data[d] = Set(self._escape_list(data[d]))
else:
data[d] = cgi.escape(data[d], True)
return data
@ -78,6 +81,8 @@ class LdapCherry(object):
data[d] = self._escape_dict(data[d])
elif dtype == 'attr_list':
data = self._escape_dict(data)
elif dtype == 'lonely_groups':
data = self._escape_dict(data)
return data
def _get_param(self, section, key, config, default=None):
@ -1095,7 +1100,7 @@ class LdapCherry(object):
form=form,
roles=roles,
is_admin=is_admin,
standalone_groups=self._escape(user_lonely_groups, 'attr_list'),
standalone_groups=self._escape(user_lonely_groups, 'lonely_groups'),
backends_display_names=self.backends_display_names,
custom_js=self.custom_js,
notifications=self._empty_notification(),