Valentin Samir / django-cas-server
Commit 971cde09 authored Nov 17, 2017 by Valentin Samir
Fix XSS js injection
parent f1a47e77
Showing 4 changed files with 11 additions and 9 deletions (+11 -9)
CHANGELOG.rst (+1 -0)
cas_server/templates/cas_server/base.html (+1 -1)
cas_server/templates/cas_server/logout.html (+1 -1)
cas_server/views.py (+8 -7)
CHANGELOG.rst
@@ -25,6 +25,7 @@ Fixed
if the user dn was not found. This was causing the exception
``'NoneType' object has no attribute 'getitem'`` describe in #21
* Increase the max size of usernames (30 chars to 250)
* Fix XSS js injection
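Review bot: the new changelog entry "Fix XSS js injection" is too terse for a security fix; a user reading it cannot tell which pages were affected or whether they must act. Name the rendering paths that changed (the `message` and `logout_msg` template variables are no longer piped through `|safe`, and `LogoutView` now marks only its own literal strings safe) and reference the tracking issue or advisory if one exists, e.g. "* Fix XSS js injection: stop rendering `message`/`logout_msg` with `|safe`; mark only the fixed logout strings safe in views.py".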
cas_server/templates/cas_server/base.html
@@ -58,7 +58,7 @@
class=
"alert alert-danger"
{%
endif
%}
{%
endspaceless
%}
>
<p>
{{message
|safe
}}
</p>
<p>
{{message}}
</p>
</div>
{% endfor %}
{% if auto_submit %}
</noscript>
{% endif %}
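Review bot: dropping `|safe` on `{{message}}` is the right fix, since Django's autoescaping now turns any `<script>` or attribute payload carried in a message into inert text; the caveat is that any code path that still puts legitimate markup into `message` will now render escaped tags, so each such site must wrap its string with `mark_safe` (or preferably `format_html`) at the source, as views.py now does for `logout_msg`. Worth grepping the remaining templates for other `|safe` filters applied to variables that can carry request-derived data, so the same class of bug is not left elsewhere.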
cas_server/templates/cas_server/logout.html
@@ -2,6 +2,6 @@
{% load staticfiles %}
{% load i18n %}
{% block content %}
<div
class=
"alert alert-success"
role=
"alert"
>
{{logout_msg
|safe
}}
</div>
<div
class=
"alert alert-success"
role=
"alert"
>
{{logout_msg}}
</div>
{% endblock %}
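Review bot: `{{logout_msg}}` is now autoescaped, so this template only still renders the `<h3>` heading because the view wraps the string with `mark_safe`; the safety of this line therefore depends entirely on views.py never interpolating untrusted data into `logout_msg` before marking it safe. Consider a template comment here, or a test that renders the logout page and asserts the heading is present while a hostile `session_nb` value is not, so a later change to the view cannot silently reintroduce raw HTML through this variable.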
cas_server/views.py
@@ -23,6 +23,7 @@ from django.views.decorators.csrf import csrf_exempt
from
django.middleware.csrf
import
CsrfViewMiddleware
from
django.views.generic
import
View
from
django.utils.encoding
import
python_2_unicode_compatible
from
django.utils.safestring
import
mark_safe
import
re
import
logging
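Review bot: `mark_safe` is imported here only to re-mark literal, translated strings as HTML; `format_html` from `django.utils.html` would serve the same purpose while escaping every interpolated argument, which makes the `% session_nb` substitution in `LogoutView` safe by construction rather than by the choice of `%d`. Suggest `from django.utils.html import format_html` (instead of, or alongside, this import) and reserving `mark_safe` for strings that carry no substitutions at all.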
@@ -181,24 +182,24 @@ class LogoutView(View, LogoutMixin):
else
:
# build logout message depending of the number of sessions the user logs out
if
session_nb
==
1
:
logout_msg
=
_
(
logout_msg
=
mark_safe
(
_
(
"<h3>Logout successful</h3>"
"You have successfully logged out from the Central Authentication Service. "
"For security reasons, close your web browser."
)
)
)
elif
session_nb
>
1
:
logout_msg
=
_
(
logout_msg
=
mark_safe
(
_
(
"<h3>Logout successful</h3>"
"You have successfully logged out from %
s
sessions of the Central "
"You have successfully logged out from %
d
sessions of the Central "
"Authentication Service. "
"For security reasons, close your web browser."
)
%
session_nb
)
%
session_nb
)
else
:
logout_msg
=
_
(
logout_msg
=
mark_safe
(
_
(
"<h3>Logout successful</h3>"
"You were already logged out from the Central Authentication Service. "
"For security reasons, close your web browser."
)
)
)
# depending of settings, redirect to the login page with a logout message or display
# the logout page. The default is to display tge logout page.
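Review bot: in the `elif session_nb > 1:` branch the `% session_nb` substitution happens inside `mark_safe(...)`, so whatever `session_nb` formats to lands in the page unescaped; the change from `%s` to `%d` is what keeps this safe, because `%d` only formats numeric values and raises `TypeError` on a string. That reasoning deserves a comment next to the branch, or better, replace the pattern with `format_html(_("... {} sessions ..."), session_nb)`, which escapes the argument regardless of its type. Two further points: wrapping `_(...)` in `mark_safe` makes every translation of these strings trusted HTML, so the `.po` files become part of the trust boundary and should be reviewed as such; and the trailing comment's "tge logout page" could be corrected to "the logout page" in the same commit.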