# HG changeset patch # User Andrew Shadura # Date 1429045410 -7200 # Node ID 0ab0c3980b5d5152c4e2264a8e0cc3b8ce865d82 # Parent caef25781d8cb4b9e43e0def6b7a199c3f3cb462# Parent 49e0b5a72ba2ca753d830260a65b694f70e7456b Merge with stable diff -r caef25781d8c -r 0ab0c3980b5d .hgtags --- a/.hgtags Mon Apr 13 20:25:01 2015 +0200 +++ b/.hgtags Tue Apr 14 23:03:30 2015 +0200 @@ -58,3 +58,4 @@ 1f71ef689d2a3c9978cea6591a1f4e9107a5ca83 rhodecode-0.0.1.7.1 d17e88a1a88a29f6fac948c94498129e405a40d3 0.1 ad0ce803b40cb17fc3988373052943e041030b02 0.2 +c6e32714336345403adf76abb6ebf9b8116fcdc7 0.2.1 diff -r caef25781d8c -r 0ab0c3980b5d CONTRIBUTORS --- a/CONTRIBUTORS Mon Apr 13 20:25:01 2015 +0200 +++ b/CONTRIBUTORS Tue Apr 14 23:03:30 2015 +0200 @@ -67,6 +67,7 @@ Michal Čihař Morten Skaaning Na'Tosha Bard + Nick High Niemand Jedermann Peter Vitt Sam Jaques diff -r caef25781d8c -r 0ab0c3980b5d kallithea/__init__.py --- a/kallithea/__init__.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/__init__.py Tue Apr 14 23:03:30 2015 +0200 @@ -29,7 +29,7 @@ import sys import platform -VERSION = (0, 2) +VERSION = (0, 2, 1) BACKENDS = { 'hg': 'Mercurial repository', 'git': 'Git repository', diff -r caef25781d8c -r 0ab0c3980b5d kallithea/controllers/admin/repo_groups.py --- a/kallithea/controllers/admin/repo_groups.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/controllers/admin/repo_groups.py Tue Apr 14 23:03:30 2015 +0200 @@ -144,7 +144,7 @@ repo_groups_data.append({ "raw_name": repo_gr.group_name, "group_name": repo_group_name(repo_gr.group_name, children_groups), - "desc": repo_gr.group_description, + "desc": h.escape(repo_gr.group_description), "repos": repo_count, "owner": h.person(repo_gr.user), "action": repo_group_actions(repo_gr.group_id, repo_gr.group_name, diff -r caef25781d8c -r 0ab0c3980b5d kallithea/controllers/admin/user_groups.py --- a/kallithea/controllers/admin/user_groups.py Mon Apr 13 20:25:01 2015 +0200 
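Review bot: In the `repo_groups_data.append({...})` entry of kallithea/controllers/admin/repo_groups.py only `desc` is passed through `h.escape`; `"raw_name": repo_gr.group_name` in the same dict is still emitted verbatim, and whether `repo_group_name(...)` and `h.person(...)` encode their output cannot be seen from this hunk. If the grid ever renders `raw_name` as markup it needs the same encoding, `"raw_name": h.escape(repo_gr.group_name),`; if it is only a sort key, a comment saying so (`# sort key only, never rendered`) would keep the next audit short. The same pattern recurs with `raw_name` in the user_groups.py and users.py hunks and with `'nname': u.username` in the first kallithea/model/repo.py hunk. The dict literal and its enclosing function start and end outside the hunk.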
+++ b/kallithea/controllers/admin/user_groups.py Tue Apr 14 23:03:30 2015 +0200 @@ -113,7 +113,7 @@ "raw_name": user_gr.users_group_name, "group_name": user_group_name(user_gr.users_group_id, user_gr.users_group_name), - "desc": user_gr.user_group_description, + "desc": h.escape(user_gr.user_group_description), "members": len(user_gr.members), "active": h.boolicon(user_gr.users_group_active), "owner": h.person(user_gr.user.username), diff -r caef25781d8c -r 0ab0c3980b5d kallithea/controllers/admin/users.py --- a/kallithea/controllers/admin/users.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/controllers/admin/users.py Tue Apr 14 23:03:30 2015 +0200 @@ -96,8 +96,8 @@ "gravatar": grav_tmpl % h.gravatar(user.email, size=20), "raw_name": user.username, "username": username(user.user_id, user.username), - "firstname": user.name, - "lastname": user.lastname, + "firstname": h.escape(user.name), + "lastname": h.escape(user.lastname), "last_login": h.fmt_date(user.last_login), "last_login_raw": datetime_to_time(user.last_login), "active": h.boolicon(user.active), diff -r caef25781d8c -r 0ab0c3980b5d kallithea/model/repo.py --- a/kallithea/model/repo.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/model/repo.py Tue Apr 14 23:03:30 2015 +0200 @@ -138,8 +138,8 @@ return json.dumps([ { 'id': u.user_id, - 'fname': u.name, - 'lname': u.lastname, + 'fname': h.escape(u.name), + 'lname': h.escape(u.lastname), 'nname': u.username, 'gravatar_lnk': h.gravatar_url(u.email, size=28), 'gravatar_size': 14, @@ -210,9 +210,9 @@ def desc(desc): if c.visual.stylify_metatags: - return h.urlify_text(h.desc_stylize(h.truncate(desc, 60))) + return h.urlify_text(h.desc_stylize(h.escape(h.truncate(desc, 60)))) else: - return h.urlify_text(h.truncate(desc, 60)) + return h.urlify_text(h.escape(h.truncate(desc, 60))) def state(repo_state): return _render("repo_state", repo_state) diff -r caef25781d8c -r 0ab0c3980b5d kallithea/templates/summary/summary.html 
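Review bot: Escaping `'fname'` and `'lname'` inside the `json.dumps([...])` of kallithea/model/repo.py (hunk at -138) bakes HTML entities into data returned by the model layer, so a consumer that uses these fields as plain text (an input value, a text node) would display `&amp;` or `&lt;` literally. Since the output context is not visible here, a comment stating the contract would help, for example `# HTML-escaped on purpose: the client inserts these values as markup`. The enclosing function begins before the hunk.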
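Review bot: The call order in `desc()` (kallithea/model/repo.py, hunk at -210) is load-bearing but undocumented: `h.truncate` runs on the raw text so the cut cannot land inside an entity, and `h.escape` runs before `h.desc_stylize`/`h.urlify_text`, which presumably emit markup of their own. A comment such as `# truncate -> escape -> stylize/urlify: escape raw text first, then let the helpers add HTML` would keep a later refactor from reordering the calls. It is worth confirming that `h.urlify_text` does not encode its input again and that its URL matching copes with entities such as `&amp;` inside a link, since neither helper is visible here; the same applies to both branches of the summary.html hunk below. Both branches of `desc()` also repeat `h.escape(h.truncate(desc, 60))`; computing it once before the `if` leaves a single place to audit.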
--- a/kallithea/templates/summary/summary.html Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/templates/summary/summary.html Tue Apr 14 23:03:30 2015 +0200 @@ -85,9 +85,9 @@ %if c.visual.stylify_metatags: -
${h.urlify_text(h.desc_stylize(c.db_repo.description))}
+
${h.urlify_text(h.desc_stylize(h.escape(c.db_repo.description)))}
%else: -
${h.urlify_text(c.db_repo.description)}
+
${h.urlify_text(h.escape(c.db_repo.description))}
%endif