components/openstack/horizon/patches/12-CVE-2015-3988.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Mon, 20 Jul 2015 09:11:32 -0700
branch s11u2-sru
changeset 4673 7ca7277ea064
parent 4443 19990f188a99
permissions -rw-r--r--
20803826 problem in UTILITY/PHP 21296988 problem in UTILITY/PHP 21445788 CANONICAL_REPO no longer correct for s11.2sru since releasing FOSS Eval packages
4443
19990f188a99 21148645 problem in SERVICE/HORIZON
saurabh.vyas@oracle.com
Errata patch for CVE-2015-3988
https://review.openstack.org/183659
git fetch https://review.openstack.org/openstack/horizon refs/changes/59/183659/1 && git format-patch -1 --stdout FETCH_HEAD
Fixed upstream and in a future release.
----
From: Brant Knudson <[email protected]>
Date: Fri, 15 May 2015 19:21:31 +0000 (-0500)
Subject: Sanitation of metadata passed from Django
X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fhorizon.git;a=commitdiff_plain;h=6c944b5013acb0dce7cf3d8717e58f7f2427be07
Sanitation of metadata passed from Django
We need to escape HTML in metadata passed from Django, which
can lead to security issues. Refer to the bug for more details.
Conflicts:
 horizon/templates/horizon/common/_modal_form_update_metadata.html
The conflict was that there are extra spaces in the line.
Co-Authored-By: Szymon Wroblewski <[email protected]>
Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5
Closes-bug: #1449260
(cherry picked from commit 81e1fa13177c8e259c90183409696305f55cdd75)
(cherry picked from commit e7f3e0880f4e311c768c413e43317674cb234515)
---
diff --git a/horizon/templates/horizon/common/_modal_form_update_metadata.html b/horizon/templates/horizon/common/_modal_form_update_metadata.html
index 6021393..e6b1810 100644
--- a/horizon/templates/horizon/common/_modal_form_update_metadata.html
+++ b/horizon/templates/horizon/common/_modal_form_update_metadata.html
@@ -224,8 +224,8 @@
     </div>
   </div>
   <script type="text/javascript">
-    var existing_metadata = {{existing_metadata|safe}};
-    var available_metadata = {{available_metadata|safe}};
+    var existing_metadata = JSON.parse('{{existing_metadata|escapejs}}');
+    var available_metadata = JSON.parse('{{available_metadata|escapejs}}');
   </script>
 {% endblock %}
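
Review bot: On the two added `JSON.parse('{{...|escapejs}}')` lines, the template now assumes `existing_metadata` and `available_metadata` arrive as JSON-encoded strings; if either is empty or not valid JSON, `JSON.parse` throws and the assignment that follows never runs. The view that builds these context variables is not part of this patch, so please confirm it always serialises both (including the empty case), and add a test that renders the modal with a metadata value containing a quote character and a closing script tag. The commit message speaks of escaping HTML, while `escapejs` only makes the value safe inside the JavaScript string literal; client code that later writes these values into the DOM still needs its own output encoding, which this hunk does not show. A short template comment explaining why `|safe` must not return here would help the next editor.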