From 74a95513f60ac1cddd488fad7d5cbcfdc674c221 Mon Sep 17 00:00:00 2001
From: hernani
Date: Tue, 5 Oct 2010 15:43:57 +0000
Subject: [PATCH] Fixes OSQA 455. Multiple cross site scripting(XSS) vulnerabilities.
git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@599 0cfe37f9-358a-4d5e-be75-b63607b5c754
---
 forum/registry.py | 3 ++-
 forum/urls.py | 2 +-
 forum/utils/html.py | 4 ++++
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/forum/registry.py b/forum/registry.py
index 95aea18..ff5a115 100644
--- a/forum/registry.py
+++ b/forum/registry.py
@@ -3,6 +3,7 @@ from django.utils.translation import ugettext as _
 from django.core.urlresolvers import reverse
 from django.template.defaultfilters import slugify
 from forum.templatetags.extra_tags import get_score_badge
+from forum.utils.html import cleanup_urls
 from forum import settings
@@ -38,7 +39,7 @@ class SupportLink(ui.Link):
 ui.register(ui.FOOTER_LINKS, ui.Link(
 text=_('contact'),
- url=lambda u, c: settings.CONTACT_URL and settings.CONTACT_URL or "%s?next=%s" % (reverse('feedback'), c['request'].path),
+ url=lambda u, c: settings.CONTACT_URL and settings.CONTACT_URL or "%s?next=%s" % (reverse('feedback'), cleanup_urls( c['request'].path)),
 weight=400),
 SupportLink(_('support'), settings.SUPPORT_URL, attrs={'target': '_blank'}, weight=300),
 ui.Link(_('privacy'), ui.Url('privacy'), weight=200),
diff --git a/forum/urls.py b/forum/urls.py
index d1715df..30fd5ac 100644
--- a/forum/urls.py
+++ b/forum/urls.py
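Review bot: `cleanup_urls(c['request'].path)` on the changed `url=` line removes HTML tags but does not encode the path for the query-string position it is dropped into, so `?`, `&`, `#`, quotes and other reserved characters in the path still pass through unchanged and can truncate or alter the `next` parameter; stripping tags is a denylist filter, whereas URL-encoding the value is the transformation this context actually needs. I would write `url=lambda u, c: settings.CONTACT_URL or "%s?next=%s" % (reverse('feedback'), urlquote(c['request'].path)),` with `from django.utils.http import urlquote` added in the import hunk above, which also replaces the redundant `X and X or Y` form with `X or Y`. Whether the resulting href is additionally HTML-escaped depends on the template that renders `ui.FOOTER_LINKS`, which is outside this diff; if the feedback view later redirects to `next`, it should independently verify that the value is a local path.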
@@ -144,7 +144,7 @@ urlpatterns += patterns('',
 name='user_recent'),
 url(r'^%s(?P\d+)/(?P.*)/$' % _('users/'), app.users.user_profile, name='user_profile'),
 url(r'^%s$' % _('badges/'), app.meta.badges, name='badges'),
- url(r'^%s(?P\d+)/(?P.*)$' % _('badges/'), app.meta.badge, name='badge'),
+ url(r'^%s(?P\d+)/(?P[\w-]+)/?$' % _('badges/'), app.meta.badge, name='badge'),
 # (r'^admin/doc/' % _('admin/doc'), include('django.contrib.admindocs.urls')),
 url(r'^%s$' % _('upload/'), app.writers.upload, name='upload'),
diff --git a/forum/utils/html.py b/forum/utils/html.py
index 86a4ef9..cab52a4 100644
--- a/forum/utils/html.py
+++ b/forum/utils/html.py
@@ -1,6 +1,7 @@
 """Utilities for working with HTML."""
 import html5lib
 from html5lib import sanitizer, serializer, tokenizer, treebuilders, treewalkers
+from django.utils.html import strip_tags
 from forum.utils.html2text import HTML2Text
 from django.template import mark_safe
 from forum import settings
@@ -48,6 +49,9 @@ def sanitize_html(html):
 output_generator = s.serialize(stream)
 return u''.join(output_generator)
+def cleanup_urls(url):
+ return strip_tags(url)
+
 def html2text(s, ignore_tags=(), indent_width=4, page_width=80):
 ignore_tags = [t.lower() for t in ignore_tags]
-- 
2.39.5
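Review bot: The tightened badge route on the `+` line is a sound allowlist, but the `user_profile` route on the context line just above still captures its second segment with `(?P.*)/$`; if `app.users.user_profile` echoes that slug into the page the way the badge view presumably did, the same constraint belongs there too, e.g. replacing `(?P.*)/$` with `(?P[\w-]+)/$` (the capture-group names do not survive in this rendering, so keep whatever the file uses). The new pattern also makes the trailing slash optional with `/?$`, unlike every neighbouring route that ends in `/$`; if that is deliberate it deserves a one-line comment, otherwise `/$` keeps the routes consistent. The enclosing `urlpatterns += patterns(` statement starts and ends outside the hunk.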
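Review bot: `cleanup_urls` has no docstring and its name promises more than `strip_tags` delivers: it removes `<...>` markup only and neither URL-encodes nor HTML-escapes its argument, so a caller that interpolates the result into a query string or an attribute still needs context-appropriate encoding. A docstring such as `"""Strip HTML tags from *url*. Does not URL-encode or HTML-escape the result; callers must still encode it for the context it lands in."""` would make that limit visible at the call sites. Since `strip_tags` is a denylist regex rather than an encoder, consider whether a helper named for URLs should instead, or additionally, apply `django.utils.http.urlquote`, which is the transformation a value used as a URL component generally needs.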