Revision: 53650 Author: avar Date: 2009-07-22 16:41:02 +0000 (Wed, 22 Jul 2009)
Log Message:
-----------
Close off potential XSS exploit by not throwing GET data back at the user unescaped
Modified Paths:
--------------
trunk/tools/osm-tools/cgi-bin/export
Modified: trunk/tools/osm-tools/cgi-bin/export
===================================================================
--- trunk/tools/osm-tools/cgi-bin/export 2009-07-22 16:37:11 UTC (rev 53649)
+++ trunk/tools/osm-tools/cgi-bin/export 2009-07-22 16:41:02 UTC (rev 53650)
@@ -97,7 +97,7 @@
 elif not form.getvalue("maptype") in maptypes:
 output_error("Invalid maptype, valid types are %s" % maptypes)
 elif not form.getvalue("locale") in locales:
- output_error("Invalid locale %s valid are %s" % (form.getvalue("locale"), locales))
+ output_error("Invalid locale, valid are %s" % locales.keys())
 else:
 # Create projection object
 prj = mapnik.Projection("+proj=merc +a=6378137 +b=6378137 +lat_ts=0.0 +lon_0=0.0 +x_0=0.0 +y_0=0 +k=1.0 +units=m +nadgri...@null +no_defs +over");
_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
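Review bot: Removing the echoed `locale` value fixes this one message, but nothing in the hunk shows `output_error` escaping what it is given, so the protection depends on every caller remembering never to interpolate request data. If `output_error` (defined outside this hunk) emits HTML, escaping its argument there, or sending the error as `text/plain`, would cover this call and any later ones. Once that is confirmed, a comment such as `# never interpolate request values here: output_error writes the message as-is` on this branch would record the rule. Separately, `form.getvalue("locale")` returns a list when the parameter is repeated, and testing a list against the `locales` dict raises `TypeError`, so `elif form.getfirst("locale") not in locales:` would be a safer condition. The if/elif chain starts and the else branch ends outside the hunk.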