mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Escape logfile output, fixes weird formatting and remote code execution vulnerability
parent
344c2219ec
commit
a79f42f4da
@ -5,6 +5,7 @@ import tornado.escape
|
||||
import bleach
|
||||
import os
|
||||
import shutil
|
||||
import html
|
||||
|
||||
from app.classes.shared.console import console
|
||||
from app.classes.shared.models import Users, installer
|
||||
@ -68,7 +69,7 @@ class AjaxHandler(BaseHandler):
|
||||
|
||||
for d in data:
|
||||
try:
|
||||
line = helper.log_colors(d)
|
||||
line = helper.log_colors(html.escape(d))
|
||||
self.write('{}<br />'.format(line))
|
||||
# self.write(d.encode("utf-8"))
|
||||
|
||||
|
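Review bot: The fix at `line = helper.log_colors(html.escape(d))` only holds if `helper.log_colors` wraps the already-escaped text in fixed markup and never decodes entities or copies matched text into an attribute. That helper is outside this hunk, so the contract should be confirmed and recorded next to the call, e.g. `# d is untrusted log text: escape first; log_colors may only add fixed tags around it`. Because escaping now runs before colouring, any pattern in `log_colors` that matches on `<`, `>`, `&` or quote characters will presumably stop matching and may silently change highlighting. The commented-out `# self.write(d.encode("utf-8"))` just below writes the raw line and is better deleted than left where it can be re-enabled. The enclosing handler method starts and ends outside the hunk, so the `except` branch and any other path that sends log lines to the browser could not be checked here.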