Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openstack/horizon/patches/03-CVE-2013-6858.patch
author Drew Fisher <drew.fisher@oracle.com>
Mon, 17 Mar 2014 09:51:44 -0600
changeset 1760 353323c7bdc1
permissions -rw-r--r--
PSARC/2013/350 OpenStack for Solaris (Umbrella) PSARC/2014/007 OpenStack client API components for Grizzly PSARC/2014/054 OpenStack Cinder (OpenStack Block Storage Service) PSARC/2014/055 OpenStack Glance (OpenStack Image Service) PSARC/2014/058 OpenStack Horizon (OpenStack Dashboard) PSARC/2014/048 OpenStack Keystone (OpenStack Identity Service) PSARC/2014/059 OpenStack Neutron (OpenStack Networking Service) PSARC/2014/049 OpenStack Nova (OpenStack Compute Service) 18290089 integrate cinderclient 18290097 integrate glanceclient 18290102 integrate keystoneclient 18290109 integrate neutronclient 18290113 integrate novaclient 18290119 integrate swiftclient 18290125 integrate quantumclient 18307582 Request to integrate Cinder into userland 18307595 Request to integrate Glance into userland 18307626 Request to integrate Horizon into userland 18307641 Request to integrate Keystone into userland 18307650 Request to integrate Neutron into userland 18307659 Request to integrate Nova into userland 18321909 a few Python packages deliver both po and mo files
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1760
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff changeset 
     1
 
Upstream patch fixed in Havana 2013.2.1
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff changeset 
     2
 












353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     3


commit b14debc73132d1253220192e110f00f62ddb8bbc













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     4


Author: Rob Raymond <[email protected]>













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     5


Date:   Mon Nov 4 12:12:40 2013 -0700













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     6














353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     7


    Fix bug by escaping strings from Nova before displaying them













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     8


    













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     9


    Fixes bug #1247675













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    10


    













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    11


    (cherry-picked from commit b8ff480)













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    12


    Change-Id: I3637faafec1e1fba081533ee020f4ee218fea101













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    13














353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    14


diff --git a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    15


index 2311e5c..17a4fb5 100644













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    16


--- a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    17


+++ b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    18


@@ -17,6 +17,7 @@













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    19


 import logging













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    20


 













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    21


 from django.core.urlresolvers import reverse













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    22


+from django.utils import html













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    23


 from django.utils import safestring













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    24


 from django.utils.http import urlencode













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    25


 from django.utils.translation import ugettext_lazy as _













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    26


@@ -68,6 +69,7 @@ class SnapshotVolumeNameColumn(tables.Column):













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    27


         request = self.table.request













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    28


         volume_name = api.cinder.volume_get(request,













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    29


                                             snapshot.volume_id).display_name













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    30


+        volume_name = html.escape(volume_name)













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    31


         return safestring.mark_safe(volume_name)













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    32


 













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    33


     def get_link_url(self, snapshot):













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    34


diff --git a/openstack_dashboard/dashboards/project/volumes/tables.py b/openstack_dashboard/dashboards/project/volumes/tables.py













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    35


index b14145b..e5426c1 100644













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    36


--- a/openstack_dashboard/dashboards/project/volumes/tables.py













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    37


+++ b/openstack_dashboard/dashboards/project/volumes/tables.py













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    38


@@ -19,7 +19,7 @@ import logging













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    39


 from django.core.urlresolvers import reverse, NoReverseMatch













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    40


 from django.template.defaultfilters import title













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    41


 from django.utils import safestring













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    42


-from django.utils.html import strip_tags













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    43


+from django.utils import html













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    44


 from django.utils.translation import ugettext_lazy as _













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    45


 













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    46


 from horizon import exceptions













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    47


@@ -111,7 +111,7 @@ def get_attachment_name(request, attachment):













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    48


                                          "attachment information."))













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    49


     try:













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    50


         url = reverse("horizon:project:instances:detail", args=(server_id,))













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    51


-        instance = '<a href="%s">%s</a>' % (url, name)













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    52


+        instance = '<a href="%s">%s</a>' % (url, html.escape(name))













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    53


     except NoReverseMatch:













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    54


         instance = name













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    55


     return instance













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    56


@@ -132,7 +132,7 @@ class AttachmentColumn(tables.Column):













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    57


             # without the server name...













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    58


             instance = get_attachment_name(request, attachment)













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    59


             vals = {"instance": instance,













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    60


-                    "dev": attachment["device"]}













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    61


+                    "dev": html.escape(attachment["device"])}













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    62


             attachments.append(link % vals)













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    63


         return safestring.mark_safe(", ".join(attachments))













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    64


 













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    65


@@ -225,7 +225,7 @@ class AttachmentsTable(tables.DataTable):













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    66


     def get_object_display(self, attachment):













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    67


         instance_name = get_attachment_name(self.request, attachment)













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    68


         vals = {"dev": attachment['device'],













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    69


-                "instance_name": strip_tags(instance_name)}













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    70


+                "instance_name": html.escape(instance_name)}













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    71


         return _("%(dev)s on instance %(instance_name)s") % vals













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    72


 













353323c7bdc1
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    73


     def get_object_by_id(self, obj_id):















upstream/oracle/userland-gate