components/openstack/horizon/patches/12-CVE-2015-3988.patch
author saurabh.vyas@oracle.com
Mon, 01 Jun 2015 09:37:56 -0700
changeset 4381 028ddffc4038
permissions -rw-r--r--
21148645 problem in SERVICE/HORIZON
Errata patch for CVE-2015-3988
https://review.openstack.org/183659
git fetch https://review.openstack.org/openstack/horizon refs/changes/59/183659/1 && git format-patch -1 --stdout FETCH_HEAD
Fixed upstream and in a future release.
----
From: Brant Knudson <[email protected]>
Date: Fri, 15 May 2015 19:21:31 +0000 (-0500)
Subject: Sanitation of metadata passed from Django
X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fhorizon.git;a=commitdiff_plain;h=6c944b5013acb0dce7cf3d8717e58f7f2427be07
Sanitation of metadata passed from Django
We need to escape HTML in metadata passed from Django, which
can lead to security issues. Refer to the bug for more details.
Conflicts:
 horizon/templates/horizon/common/_modal_form_update_metadata.html
The conflict was that there are extra spaces in the line.
Co-Authored-By: Szymon Wroblewski <[email protected]>
Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5
Closes-bug: #1449260
(cherry picked from commit 81e1fa13177c8e259c90183409696305f55cdd75)
(cherry picked from commit e7f3e0880f4e311c768c413e43317674cb234515)
---
diff --git a/horizon/templates/horizon/common/_modal_form_update_metadata.html b/horizon/templates/horizon/common/_modal_form_update_metadata.html
index 6021393..e6b1810 100644
--- a/horizon/templates/horizon/common/_modal_form_update_metadata.html
+++ b/horizon/templates/horizon/common/_modal_form_update_metadata.html
@@ -224,8 +224,8 @@
     </div>
   </div>
   <script type="text/javascript">
-    var existing_metadata = {{existing_metadata|safe}};
-    var available_metadata = {{available_metadata|safe}};
+    var existing_metadata = JSON.parse('{{existing_metadata|escapejs}}');
+    var available_metadata = JSON.parse('{{available_metadata|escapejs}}');
   </script>
 {% endblock %}
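Review bot: The two added `JSON.parse('{{ ...|escapejs}}')` lines are only safe while each template tag stays inside its single-quoted string literal, and nothing in the hunk records that dependency. `escapejs` is meant for output placed inside a quoted JavaScript string, so a later edit that drops the quotes or swaps the filter back to `safe` would reintroduce the unescaped output this change removes; a short template comment above the two lines would guard against that. The new form also requires `existing_metadata` and `available_metadata` to be valid JSON text, since `JSON.parse` throws on anything else and the script has no handling for that, so it is worth confirming that the view serializes both values before they reach the template. The patch touches only this template; a regression test that renders the modal with markup characters in a metadata value would help keep the fix in place.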