Skip to content

erp5
erp5
Commit 32de78e3 authored by Aurel's avatar Aurel
Browse files
Options

escape the log returned to avoid interpretation by browser 


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38189 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 621f33c9
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 1 deletion
product/ERP5/Tool/IntrospectionTool.py
View file @ 32de78e3
...@@ -42,6 +42,7 @@ from App.config import getConfiguration ...@@ -42,6 +42,7 @@ from App.config import getConfiguration
from AccessControl import Unauthorized from AccessControl import Unauthorized
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Type import tarfile from Products.ERP5Type import tarfile
from cgi import escape
_MARKER = [] _MARKER = []
...@@ -229,7 +230,7 @@ class IntrospectionTool(LogMixin, BaseTool): ...@@ -229,7 +230,7 @@ class IntrospectionTool(LogMixin, BaseTool):
""" """
Tail the Event Log. Tail the Event Log.
""" """
return self._tailFile('log/event.log', 50) return escape(self._tailFile('log/event.log', 50))
security.declareProtected(Permissions.ManagePortal, 'getAccessLog') security.declareProtected(Permissions.ManagePortal, 'getAccessLog')
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7