21148645 problem in SERVICE/HORIZON
authorsaurabh.vyas@oracle.com
Mon, 01 Jun 2015 09:37:56 -0700
changeset 4381 028ddffc4038
parent 4379 3c069007ce28
child 4382 6ca670e38194
21148645 problem in SERVICE/HORIZON
components/openstack/horizon/patches/12-CVE-2015-3988.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/horizon/patches/12-CVE-2015-3988.patch	Mon Jun 01 09:37:56 2015 -0700
@@ -0,0 +1,41 @@
+Errata patch for CVE-2015-3988
+https://review.openstack.org/183659
+git fetch https://review.openstack.org/openstack/horizon refs/changes/59/183659/1 && git format-patch -1 --stdout FETCH_HEAD
+Fixed upstream and in a future release.
+----
+From: Brant Knudson <[email protected]>
+Date: Fri, 15 May 2015 19:21:31 +0000 (-0500)
+Subject: Sanitation of metadata passed from Django
+X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fhorizon.git;a=commitdiff_plain;h=6c944b5013acb0dce7cf3d8717e58f7f2427be07
+
+Sanitation of metadata passed from Django
+
+We need to escape HTML in metadata passed from Django, which
+can lead to security issues. Refer to the bug for more details.
+
+Conflicts:
+ horizon/templates/horizon/common/_modal_form_update_metadata.html
+
+The conflict was that there are extra spaces in the line.
+
+Co-Authored-By: Szymon Wroblewski <[email protected]>
+Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5
+Closes-bug: #1449260
+(cherry picked from commit 81e1fa13177c8e259c90183409696305f55cdd75)
+(cherry picked from commit e7f3e0880f4e311c768c413e43317674cb234515)
+---
+
+diff --git a/horizon/templates/horizon/common/_modal_form_update_metadata.html b/horizon/templates/horizon/common/_modal_form_update_metadata.html
+index 6021393..e6b1810 100644
+--- a/horizon/templates/horizon/common/_modal_form_update_metadata.html
++++ b/horizon/templates/horizon/common/_modal_form_update_metadata.html
[email protected]@ -224,8 +224,8 @@
+     </div>
+   </div>
+   <script type="text/javascript">
+-    var existing_metadata = {{existing_metadata|safe}};
+-    var available_metadata = {{available_metadata|safe}};
++    var existing_metadata = JSON.parse('{{existing_metadata|escapejs}}');
++    var available_metadata = JSON.parse('{{available_metadata|escapejs}}');
+   </script>
+ {% endblock %}