components/openstack/swift/patches/03-CVE-2013-2161.patch
branchs11-update
changeset 3178 77584387a894
parent 3175 1ff833d174d4
child 3179 07c03b663108
3175:1ff833d174d4 3178:77584387a894
     1 commit 6659382c4fa348e1ebbce2424968dd7267ea1db1
       
     2 Author: Alex Gaynor <[email protected]>
       
     3 Date:   Mon May 27 02:07:39 2013 +0000
       
     4 
       
     5     Check user input in XML responses.
       
     6     
       
     7     Fixes bug 1183884.
       
     8     
       
     9     * swift/account/server.py: Escape account name in XML listings.
       
    10     
       
    11     Change-Id: I7ba54631ed1349516132c00a53fae74f0b84ac37
       
    12 
       
    13 diff --git a/swift/account/server.py b/swift/account/server.py
       
    14 index 81c4d90..baca5a5 100644
       
    15 --- a/swift/account/server.py
       
    16 +++ b/swift/account/server.py
       
    17 @@ -241,7 +241,7 @@ class AccountController(object):
       
    18              account_list = json.dumps(data)
       
    19          elif out_content_type.endswith('/xml'):
       
    20              output_list = ['<?xml version="1.0" encoding="UTF-8"?>',
       
    21 -                           '<account name="%s">' % account]
       
    22 +                           '<account name="%s">' % saxutils.escape(account)]
       
    23              for (name, object_count, bytes_used, is_subdir) in account_list:
       
    24                  name = saxutils.escape(name)
       
    25                  if is_subdir: