components/openstack/horizon/patches/13-CVE-2015-3219.patch
author saurabh.vyas@oracle.com
Tue, 09 Jun 2015 22:31:26 -0700
branch s11-update
changeset 4568 104acafa885a
permissions -rw-r--r--
21203559 problem in SERVICE/HORIZON
Errata patch for CVE-2015-3219
https://bugs.launchpad.net/horizon/+bug/1453074
Fixed upstream and in a future release.
-------
From: lin-hua-cheng <[email protected]>
Date: Mon, 1 Jun 2015 17:55:00 -0700
Subject: [PATCH] Escape the description param from heat template
The heat template allows user to define custom parameters,
the fields are then converted to input fields. The description
param maps to the help_text attribute of the field.
Since the value comes from the user, the value must be escaped
before rendering.
Change-Id: I79d540a8363b2507c4bccdc0cc38e283962919d2
Closes-bug: #1453074
---
 openstack_dashboard/dashboards/project/stacks/forms.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/openstack_dashboard/dashboards/project/stacks/forms.py 
b/openstack_dashboard/dashboards/project/stacks/forms.py
index 5ee01df..ba9e141 100644
--- a/openstack_dashboard/dashboards/project/stacks/forms.py
+++ b/openstack_dashboard/dashboards/project/stacks/forms.py
@@ -13,6 +13,7 @@
 import json
 import logging
+from django.utils import html
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.debug import sensitive_variables  # noqa
@@ -310,7 +311,7 @@ class CreateStackForm(forms.SelfHandlingForm):
             field_args = {
                 'initial': param.get('Default', None),
                 'label': param.get('Label', param_key),
-                'help_text': param.get('Description', ''),
+                'help_text': html.escape(param.get('Description', '')),
                 'required': param.get('Default', None) is None
             }
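Review bot: Only `Description` is escaped in `field_args`, while `'label': param.get('Label', param_key)` and `'initial': param.get('Default', None)` on the two lines above it are read from the same user-supplied template parameter and pass through unchanged. The commit message's reasoning (the value comes from the user) applies to them as well, so please confirm that the label and initial value are escaped when the field is rendered and say so in the commit message, or handle them here. The diffstat also shows only forms.py changing; a test that builds the form from a template whose Description contains markup and asserts on the escaped `help_text` would keep this from regressing.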
-- 
1.9.1