Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openstack/swift/patches/03-CVE-2013-2161.patch
branchs11-update
changeset 3178 77584387a894
parent 3175 1ff833d174d4
child 3179 07c03b663108 
--- a/components/openstack/swift/patches/03-CVE-2013-2161.patch	Wed Jun 11 05:34:04 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-commit 6659382c4fa348e1ebbce2424968dd7267ea1db1
-Author: Alex Gaynor <[email protected]>
-Date:   Mon May 27 02:07:39 2013 +0000
-
-    Check user input in XML responses.
-    
-    Fixes bug 1183884.
-    
-    * swift/account/server.py: Escape account name in XML listings.
-    
-    Change-Id: I7ba54631ed1349516132c00a53fae74f0b84ac37
-
-diff --git a/swift/account/server.py b/swift/account/server.py
-index 81c4d90..baca5a5 100644
---- a/swift/account/server.py
-+++ b/swift/account/server.py
-@@ -241,7 +241,7 @@ class AccountController(object):
-             account_list = json.dumps(data)
-         elif out_content_type.endswith('/xml'):
-             output_list = ['<?xml version="1.0" encoding="UTF-8"?>',
--                           '<account name="%s">' % account]
-+                           '<account name="%s">' % saxutils.escape(account)]
-             for (name, object_count, bytes_used, is_subdir) in account_list:
-                 name = saxutils.escape(name)
-                 if is_subdir:
upstream/oracle/userland-gate