From 79cbfac0922066c4f92f6a9eb7a91c34772e295c Mon Sep 17 00:00:00 2001 From: PCoder Date: Thu, 12 Nov 2020 12:12:46 +0530 Subject: [PATCH] Escape ssh key before storing --- hosting/forms.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosting/forms.py b/hosting/forms.py index 947cee44..8df2bd3e 100644 --- a/hosting/forms.py +++ b/hosting/forms.py @@ -2,6 +2,7 @@ import datetime import logging import subprocess import tempfile +import xml from django import forms from django.conf import settings @@ -207,7 +208,7 @@ class UserHostingKeyForm(forms.ModelForm): logger.debug( "Not a correct ssh format {error}".format(error=str(cpe))) raise forms.ValidationError(KEY_ERROR_MESSAGE) - return openssh_pubkey_str + return xml.sax.saxutils.escape(openssh_pubkey_str) def clean_name(self): INVALID_NAME_MESSAGE = _("Comma not accepted in the name of the key")