PSARC/2013/350 OpenStack for Solaris (Umbrella)
PSARC/2014/007 OpenStack client API components for Grizzly
PSARC/2014/048 OpenStack Keystone (OpenStack Identity Service)
PSARC/2014/049 OpenStack Nova (OpenStack Compute Service)
PSARC/2014/054 OpenStack Cinder (OpenStack Block Storage Service)
PSARC/2014/055 OpenStack Glance (OpenStack Image Service)
PSARC/2014/058 OpenStack Horizon (OpenStack Dashboard)
PSARC/2014/059 OpenStack Neutron (OpenStack Networking Service)
17531161 greenlet doesn't build with gcc 4.7.X
18143276 greenlet can crash with register window corruption on MP SPARC
18290089 integrate cinderclient
18290097 integrate glanceclient
18290102 integrate keystoneclient
18290109 integrate neutronclient
18290113 integrate novaclient
18290119 integrate swiftclient
18290125 integrate quantumclient
18307582 Request to integrate Cinder into userland
18307595 Request to integrate Glance into userland
18307626 Request to integrate Horizon into userland
18307641 Request to integrate Keystone into userland
18307650 Request to integrate Neutron into userland
18307659 Request to integrate Nova into userland
18321909 a few Python packages deliver both po and mo files
18362900 Dnsmasq's SMF method_credential is missing a privilege
18363793 Dnsmasq should use SIOCSXARP ioctl
Upstream patch fixed in Havana 2013.2.1
commit b14debc73132d1253220192e110f00f62ddb8bbc
Author: Rob Raymond <[email protected]>
Date: Mon Nov 4 12:12:40 2013 -0700
Fix bug by escaping strings from Nova before displaying them
Fixes bug #1247675
(cherry-picked from commit b8ff480)
Change-Id: I3637faafec1e1fba081533ee020f4ee218fea101
diff --git a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
index 2311e5c..17a4fb5 100644
--- a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
+++ b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
@@ -17,6 +17,7 @@
import logging
from django.core.urlresolvers import reverse
+from django.utils import html
from django.utils import safestring
from django.utils.http import urlencode
from django.utils.translation import ugettext_lazy as _
@@ -68,6 +69,7 @@ class SnapshotVolumeNameColumn(tables.Column):
request = self.table.request
volume_name = api.cinder.volume_get(request,
snapshot.volume_id).display_name
+ volume_name = html.escape(volume_name)
return safestring.mark_safe(volume_name)
def get_link_url(self, snapshot):
diff --git a/openstack_dashboard/dashboards/project/volumes/tables.py b/openstack_dashboard/dashboards/project/volumes/tables.py
index b14145b..e5426c1 100644
--- a/openstack_dashboard/dashboards/project/volumes/tables.py
+++ b/openstack_dashboard/dashboards/project/volumes/tables.py
@@ -19,7 +19,7 @@ import logging
from django.core.urlresolvers import reverse, NoReverseMatch
from django.template.defaultfilters import title
from django.utils import safestring
-from django.utils.html import strip_tags
+from django.utils import html
from django.utils.translation import ugettext_lazy as _
from horizon import exceptions
@@ -111,7 +111,7 @@ def get_attachment_name(request, attachment):
"attachment information."))
try:
url = reverse("horizon:project:instances:detail", args=(server_id,))
- instance = '<a href="%s">%s</a>' % (url, name)
+ instance = '<a href="%s">%s</a>' % (url, html.escape(name))
except NoReverseMatch:
instance = name
return instance
@@ -132,7 +132,7 @@ class AttachmentColumn(tables.Column):
# without the server name...
instance = get_attachment_name(request, attachment)
vals = {"instance": instance,
- "dev": attachment["device"]}
+ "dev": html.escape(attachment["device"])}
attachments.append(link % vals)
return safestring.mark_safe(", ".join(attachments))
@@ -225,7 +225,7 @@ class AttachmentsTable(tables.DataTable):
def get_object_display(self, attachment):
instance_name = get_attachment_name(self.request, attachment)
vals = {"dev": attachment['device'],
- "instance_name": strip_tags(instance_name)}
+ "instance_name": html.escape(instance_name)}
return _("%(dev)s on instance %(instance_name)s") % vals
def get_object_by_id(self, obj_id):