New upstream version 1.11.1
Bas Couwenberg
4 years ago
| 0 | |
1.11.0 2017-11-xx
|
|
0 |
1.11.1 2019-08-06
|
|
1 |
~~~~~~~~~~~~~~~~~
|
|
2 |
|
|
3 |
Fixes:
|
|
4 |
|
|
5 |
- Fix Cross Site Scripting (XSS) issue in demo service. Fix for #322 did not
|
|
6 |
properly escaped input used in JavaScript examples.
|
|
7 |
|
|
8 |
A targeted attack could be used for information disclosure. For
|
|
9 |
example: Session cookies of a third party application running on
|
|
10 |
the same domain.
|
|
11 |
|
|
12 |
1.11.0 2017-11-20
|
| 1 | 13 |
~~~~~~~~~~~~~~~~~
|
| 2 | 14 |
|
| 3 | 15 |
Improvements:
|
| 50 | 50 |
# The short X.Y version.
|
| 51 | 51 |
version = '1.11'
|
| 52 | 52 |
# The full version, including alpha/beta/rc tags.
|
| 53 | |
release = '1.11.0'
|
|
53 |
release = '1.11.1'
|
| 54 | 54 |
|
| 55 | 55 |
# The language for content autogenerated by Sphinx. Refer to documentation
|
| 56 | 56 |
# for a list of supported languages.
|
| 21 | 21 |
import pkg_resources
|
| 22 | 22 |
import mimetypes
|
| 23 | 23 |
from collections import defaultdict
|
| 24 | |
from xml.sax.saxutils import escape
|
| 25 | 24 |
|
| 26 | 25 |
from mapproxy.config.config import base_config
|
| 27 | 26 |
from mapproxy.compat import PY2
|
|
| 257 | 256 |
return True
|
| 258 | 257 |
return False
|
| 259 | 258 |
return True
|
|
259 |
|
|
260 |
|
|
261 |
def escape(data):
|
|
262 |
"""
|
|
263 |
Escape user-provided input data for safe inclusion in HTML _and_ JS to prevent XSS.
|
|
264 |
"""
|
|
265 |
data = data.replace('&', '&')
|
|
266 |
data = data.replace('>', '>')
|
|
267 |
data = data.replace('<', '<')
|
|
268 |
data = data.replace("'", '')
|
|
269 |
data = data.replace('"', '')
|
|
270 |
return data
|
| 53 | 53 |
|
| 54 | 54 |
setup(
|
| 55 | 55 |
name='MapProxy',
|
| 56 | |
version="1.11.0",
|
|
56 |
version="1.11.1",
|
| 57 | 57 |
description='An accelerating proxy for tile and web map services',
|
| 58 | 58 |
long_description=long_description(7),
|
| 59 | 59 |
author='Oliver Tonnhofer',
|