upstream/oracle/userland-gate: components/openstack/horizon/patches/03-CVE-2013-6858.patch@5e73a3a3f66a (annotated)

3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	1	Upstream patch fixed in Havana 2013.2.1
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	2
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	3	commit b14debc73132d1253220192e110f00f62ddb8bbc
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	4	Author: Rob Raymond <[email protected]>
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	5	Date: Mon Nov 4 12:12:40 2013 -0700
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	6
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	7	Fix bug by escaping strings from Nova before displaying them
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	8
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	9	Fixes bug #1247675
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	10
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	11	(cherry-picked from commit b8ff480)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	12	Change-Id: I3637faafec1e1fba081533ee020f4ee218fea101
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	13
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	14	diff --git a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	15	index 2311e5c..17a4fb5 100644
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	16	--- a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	17	+++ b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	18	@@ -17,6 +17,7 @@
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	19	import logging
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	20
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	21	from django.core.urlresolvers import reverse
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	22	+from django.utils import html
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	23	from django.utils import safestring
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	24	from django.utils.http import urlencode
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	25	from django.utils.translation import ugettext_lazy as _
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	26	@@ -68,6 +69,7 @@ class SnapshotVolumeNameColumn(tables.Column):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	27	request = self.table.request
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	28	volume_name = api.cinder.volume_get(request,
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	29	snapshot.volume_id).display_name
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	30	+ volume_name = html.escape(volume_name)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	31	return safestring.mark_safe(volume_name)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	32
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	33	def get_link_url(self, snapshot):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	34	diff --git a/openstack_dashboard/dashboards/project/volumes/tables.py b/openstack_dashboard/dashboards/project/volumes/tables.py
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	35	index b14145b..e5426c1 100644
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	36	--- a/openstack_dashboard/dashboards/project/volumes/tables.py
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	37	+++ b/openstack_dashboard/dashboards/project/volumes/tables.py
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	38	@@ -19,7 +19,7 @@ import logging
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	39	from django.core.urlresolvers import reverse, NoReverseMatch
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	40	from django.template.defaultfilters import title
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	41	from django.utils import safestring
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	42	-from django.utils.html import strip_tags
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	43	+from django.utils import html
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	44	from django.utils.translation import ugettext_lazy as _
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	45
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	46	from horizon import exceptions
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	47	@@ -111,7 +111,7 @@ def get_attachment_name(request, attachment):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	48	"attachment information."))
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	49	try:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	50	url = reverse("horizon:project:instances:detail", args=(server_id,))
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	51	- instance = '<a href="%s">%s</a>' % (url, name)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	52	+ instance = '<a href="%s">%s</a>' % (url, html.escape(name))
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	53	except NoReverseMatch:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	54	instance = name
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	55	return instance
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	56	@@ -132,7 +132,7 @@ class AttachmentColumn(tables.Column):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	57	# without the server name...
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	58	instance = get_attachment_name(request, attachment)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	59	vals = {"instance": instance,
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	60	- "dev": attachment["device"]}
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	61	+ "dev": html.escape(attachment["device"])}
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	62	attachments.append(link % vals)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	63	return safestring.mark_safe(", ".join(attachments))
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	64
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	65	@@ -225,7 +225,7 @@ class AttachmentsTable(tables.DataTable):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	66	def get_object_display(self, attachment):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	67	instance_name = get_attachment_name(self.request, attachment)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	68	vals = {"dev": attachment['device'],
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	69	- "instance_name": strip_tags(instance_name)}
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	70	+ "instance_name": html.escape(instance_name)}
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	71	return _("%(dev)s on instance %(instance_name)s") % vals
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	72
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	73	def get_object_by_id(self, obj_id):

author	Drew Fisher <drew.fisher@oracle.com>
	Mon, 31 Mar 2014 16:44:02 -0700
branch	s11-update
changeset 3028	5e73a3a3f66a
permissions	-rw-r--r--