New upstream version 1.11.1
Bas Couwenberg
4 years ago
0 | |
1.11.0 2017-11-xx
|
|
0 |
1.11.1 2019-08-06
|
|
1 |
~~~~~~~~~~~~~~~~~
|
|
2 |
|
|
3 |
Fixes:
|
|
4 |
|
|
5 |
- Fix Cross Site Scripting (XSS) issue in demo service. Fix for #322 did not
|
|
6 |
properly escaped input used in JavaScript examples.
|
|
7 |
|
|
8 |
A targeted attack could be used for information disclosure. For
|
|
9 |
example: Session cookies of a third party application running on
|
|
10 |
the same domain.
|
|
11 |
|
|
12 |
1.11.0 2017-11-20
|
1 | 13 |
~~~~~~~~~~~~~~~~~
|
2 | 14 |
|
3 | 15 |
Improvements:
|
50 | 50 |
# The short X.Y version.
|
51 | 51 |
version = '1.11'
|
52 | 52 |
# The full version, including alpha/beta/rc tags.
|
53 | |
release = '1.11.0'
|
|
53 |
release = '1.11.1'
|
54 | 54 |
|
55 | 55 |
# The language for content autogenerated by Sphinx. Refer to documentation
|
56 | 56 |
# for a list of supported languages.
|
21 | 21 |
import pkg_resources
|
22 | 22 |
import mimetypes
|
23 | 23 |
from collections import defaultdict
|
24 | |
from xml.sax.saxutils import escape
|
25 | 24 |
|
26 | 25 |
from mapproxy.config.config import base_config
|
27 | 26 |
from mapproxy.compat import PY2
|
|
257 | 256 |
return True
|
258 | 257 |
return False
|
259 | 258 |
return True
|
|
259 |
|
|
260 |
|
|
261 |
def escape(data):
|
|
262 |
"""
|
|
263 |
Escape user-provided input data for safe inclusion in HTML _and_ JS to prevent XSS.
|
|
264 |
"""
|
|
265 |
data = data.replace('&', '&')
|
|
266 |
data = data.replace('>', '>')
|
|
267 |
data = data.replace('<', '<')
|
|
268 |
data = data.replace("'", '')
|
|
269 |
data = data.replace('"', '')
|
|
270 |
return data
|
53 | 53 |
|
54 | 54 |
setup(
|
55 | 55 |
name='MapProxy',
|
56 | |
version="1.11.0",
|
|
56 |
version="1.11.1",
|
57 | 57 |
description='An accelerating proxy for tile and web map services',
|
58 | 58 |
long_description=long_description(7),
|
59 | 59 |
author='Oliver Tonnhofer',
|