From d1aee93b590319868c118c4fdd08696ab2810d51 Mon Sep 17 00:00:00 2001
From: TheNain38 <TheNain38@users.noreply.github.com>
Date: Thu, 18 Feb 2016 19:21:22 +0100
Subject: [PATCH] Fix vulnerabilites and don't get errors when site

isn't loaded
---
 plugins/Sidebar/SidebarPlugin.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/plugins/Sidebar/SidebarPlugin.py b/plugins/Sidebar/SidebarPlugin.py
index bc684306..9c6d9327 100644
--- a/plugins/Sidebar/SidebarPlugin.py
+++ b/plugins/Sidebar/SidebarPlugin.py
@@ -262,7 +262,7 @@ class UiWebsocketPlugin(object):
         """)
 
         for bad_file in site.bad_files.keys():
-            body.append("<li class='color-red'>%s</li>" % bad_file)
+            body.append("<li class='color-red'>%s</li>" % cgi.escape(bad_file, True))
 
         body.append("""
              </ul>
@@ -305,8 +305,8 @@ class UiWebsocketPlugin(object):
         """.format(**locals()))
 
     def sidebarRenderOwnSettings(self, body, site):
-        title = cgi.escape(site.content_manager.contents["content.json"]["title"], True)
-        description = cgi.escape(site.content_manager.contents["content.json"].get("description", ""), True)
+        title = cgi.escape(site.content_manager.contents.get("content.json", {}).get("title", ""), True)
+        description = cgi.escape(site.content_manager.contents.get("content.json", {}).get("description", ""), True)
         privatekey = cgi.escape(self.user.getSiteData(site.address, create=False).get("privatekey", ""))
 
         body.append(u"""
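Review bot: The `privatekey` line directly below the two changed lines still calls `cgi.escape` without the quote flag, so a `"` in that value stays unescaped while `title` and `description` are now escaped for attribute use. If the template that follows places it inside an attribute value (the template body is outside this hunk, so this is inferred), pass the flag there as well: `privatekey = cgi.escape(self.user.getSiteData(site.address, create=False).get("privatekey", ""), True)`. Also keep in mind that `cgi.escape(s, True)` escapes `"` but not `'`, so all three values are only safe in element content or double-quoted attributes. `sidebarRenderOwnSettings` continues past the end of the hunk.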
@@ -354,7 +354,7 @@ class UiWebsocketPlugin(object):
         body = []
 
         body.append("<div>")
-        body.append("<h1>%s</h1>" % site.content_manager.contents["content.json"]["title"])
+        body.append("<h1>%s</h1>" % cgi.escape(site.content_manager.contents.get("content.json", {}).get("title", ""), True))
 
         body.append("<div class='globe loading'></div>")
 
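Review bot: The new `<h1>` line assumes `title` is a string: `.get("title", "")` covers a missing key, but `cgi.escape` calls `.replace` on its argument, so a content.json whose `title` is a number, list or null now raises where the old `%s` formatting did not. Unless the type is validated before the value reaches `contents` (not visible here), check it first, e.g. `title = site.content_manager.contents.get("content.json", {}).get("title", "")` followed by `if not isinstance(title, basestring): title = ""`. The same applies to `title` and `description` in `sidebarRenderOwnSettings` in the previous hunk. The enclosing function starts and ends outside this hunk.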
@@ -502,4 +502,4 @@ class UiWebsocketPlugin(object):
             return self.response(to, "You don't have permission to run this command")
         self.site.settings["autodownloadoptional"] = bool(owned)
         self.site.update()
-        self.site.worker_manager.removeGoodFileTasks()
\ No newline at end of file
+        self.site.worker_manager.removeGoodFileTasks()