components/openstack/horizon/patches/13-CVE-2015-3219.patch
author saurabh.vyas@oracle.com
Tue, 09 Jun 2015 22:31:26 -0700
changeset 4459 5a11150c7d2e
permissions -rw-r--r--
21203559 problem in SERVICE/HORIZON
Errata patch for CVE-2015-3219
https://bugs.launchpad.net/horizon/+bug/1453074
Fixed upstream and in a future release.
-------
From: lin-hua-cheng <[email protected]>
Date: Mon, 1 Jun 2015 17:55:00 -0700
Subject: [PATCH] Escape the description param from heat template
The heat template allows user to define custom parameters,
the fields are then converted to input fields. The description
param maps to the help_text attribute of the field.
Since the value comes from the user, the value must be escaped
before rendering.
Change-Id: I79d540a8363b2507c4bccdc0cc38e283962919d2
Closes-bug: #1453074
---
 openstack_dashboard/dashboards/project/stacks/forms.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/openstack_dashboard/dashboards/project/stacks/forms.py 
b/openstack_dashboard/dashboards/project/stacks/forms.py
index 5ee01df..ba9e141 100644
--- a/openstack_dashboard/dashboards/project/stacks/forms.py
+++ b/openstack_dashboard/dashboards/project/stacks/forms.py
@@ -13,6 +13,7 @@
 import json
 import logging
+from django.utils import html
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.debug import sensitive_variables  # noqa
@@ -310,7 +311,7 @@ class CreateStackForm(forms.SelfHandlingForm):
             field_args = {
                 'initial': param.get('Default', None),
                 'label': param.get('Label', param_key),
-                'help_text': param.get('Description', ''),
+                'help_text': html.escape(param.get('Description', '')),
                 'required': param.get('Default', None) is None
             }
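Review bot: the `'label'` entry one line above the changed `help_text` line still passes `param.get('Label', param_key)` through unescaped, and it comes from the same user-supplied template parameter as `Description`. Please confirm that labels (and the `'initial'` value) are always rendered with autoescaping on, or escape them here as well, so the fix does not cover only one of several fields fed from the template. Also, `param.get('Description', '')` falls back to `''` only when the key is absent; a template that sets the description to a null or non-string value hands that value straight to `html.escape`, so consider `param.get('Description') or ''`. The diffstat shows only forms.py changed; a regression test that builds the form from a template whose description contains markup and asserts on the rendered help text would keep this from reappearing.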
-- 
1.9.1