Commit 9392095d authored by Mathieu Giraud, committed by Vidjil Team

controllers/admin.py, views/admin/log.html: use log_links()

The default call to XML() should be safe enough to prevent XSS attacks.
parent bac6a466
...@@ -80,6 +80,8 @@ def log(): ...@@ -80,6 +80,8 @@ def log():
for i in range(6,len(tmp)): for i in range(6,len(tmp)):
line["mes"] += tmp[i] + " " line["mes"] += tmp[i] + " "
line["mes"] = vidjil_utils.log_links(line["mes"])
lines.append(line) lines.append(line)
if len(lines) >= 100 : if len(lines) >= 100 :
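Review bot: the added `line["mes"] = vidjil_utils.log_links(line["mes"])` runs on a message concatenated from raw log tokens (`tmp[i]`), and nothing visible in this hunk HTML-escapes that text before markup is added to it. Since the view change in this commit renders `line["mes"]` through XML(), the escaping has to happen here or inside log_links(): escape the message first, then build the links from the escaped text, and document in log_links() that it returns markup meant to be rendered unescaped. log_links() itself is not part of this diff, so that contract cannot be checked from these lines.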
......
...@@ -33,7 +33,7 @@ ...@@ -33,7 +33,7 @@
<td> {{=line["user"]}} </td> <td> {{=line["user"]}} </td>
<td> {{=line["type"]}} </td> <td> {{=line["type"]}} </td>
<td> {{=line["file"]}} </td> <td> {{=line["file"]}} </td>
<td> {{=line["mes"]}} </td> <td> {{=XML(line["mes"])}} </td>
</tr> </tr>
{{pass}} {{pass}}
</table> </table>
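Review bot: in the `line["mes"]` cell, replacing `{{=line["mes"]}}` with `{{=XML(line["mes"])}}` removes the template's automatic escaping for the one column that carries free-form log text. If this is web2py's XML() helper, its default is sanitize=False, so the default call outputs the string as is and filters no tags or attributes, which is at odds with the commit message. Suggest `XML(line["mes"], sanitize=True, permitted_tags=['a'], allowed_attributes={'a': ['href']})`, adjusted to the tags log_links() actually emits, or keep the plain XML() call only once log_links() is confirmed to escape its input.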
......