Merge branch '8593/escape-ssh-key-str' into 'master'

Escape ssh key before storing See merge request ungleich-public/dynamicweb!741
2020-11-12 08:02:11 +01:00 · 2020-11-12 08:02:11 +01:00 · 73cb003353
commit 73cb003353
parent c2e2e1828f 79cbfac092
1 changed files with 2 additions and 1 deletions
--- a/hosting/forms.py
+++ b/hosting/forms.py
@ -2,6 +2,7 @@ import datetime
 import logging
 import subprocess
 import tempfile
+import xml

 from django import forms
 from django.conf import settings
@ -207,7 +208,7 @@ class UserHostingKeyForm(forms.ModelForm):
                logger.debug(
                    "Not a correct ssh format {error}".format(error=str(cpe)))
                raise forms.ValidationError(KEY_ERROR_MESSAGE)
-        return openssh_pubkey_str
+        return xml.sax.saxutils.escape(openssh_pubkey_str)

    def clean_name(self):
        INVALID_NAME_MESSAGE = _("Comma not accepted in the name of the key")