Comment 28 for bug 1597738

OpenStack Infra (hudson-openstack) wrote : Fix merged to manila-ui (stable/mitaka)

Reviewed: https://review.openstack.org/380017
Committed: https://git.openstack.org/cgit/openstack/manila-ui/commit/?id=89593686ef18f2bd06223b92071b4be2362a5abd
Submitter: Jenkins
Branch: stable/mitaka

commit 89593686ef18f2bd06223b92071b4be2362a5abd
Author: Valeriy Ponomaryov <email address hidden>
Date: Thu Jun 30 20:19:22 2016 +0300

    Fix metadata_to_str function code injection vulnerability

    It is possible to inject HTML/JavaScript code into shares table
    member page setting metadata to shares and share types table admin page
    setting extra specs. So, escape HTML-specific symbols in output
    string of 'metadata_to_str' function to make it interpreted
    as string and not as code.

    Depends-On: If83e66d4b2f0f1db181e7c23ac256c498566c2da
    Change-Id: Ied567e06d91941e9aaac7d3117e03cd1770fb75e
    Security-Fix
    Closes-Bug: #1597738
    (clean cherry pick of commit fca19a1b0d42536644212c5d673fbd6866e67c43)
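
The fix described in the commit message above, shown as an added example; it is not manila-ui's own code. The function names and sample metadata are hypothetical, and it assumes the string is rendered by the dashboard as a pre-built HTML fragment with `<br/>` separators between entries.

```python
import html

# Constructed sample: metadata / extra specs as a user could set them.
SAMPLE_METADATA = {
    "project": "demo",
    "note": "<script>alert(1)</script>",
    'k"ey': "a & b",
}


def metadata_to_html_unsafe(metadata):
    """'Before' form: keys and values go into the markup unchanged."""
    return "<br/>".join(
        "%s = %s" % (key, value) for key, value in sorted(metadata.items())
    )


def metadata_to_html_escaped(metadata):
    """'After' form: escape every key and value, then add the markup.

    Only the <br/> separators written here are real HTML, so user
    input is displayed as text (assumption: the caller treats the
    returned string as an already-safe fragment).
    """
    rows = []
    for key, value in sorted(metadata.items()):
        rows.append("%s = %s" % (html.escape(str(key), quote=True),
                                 html.escape(str(value), quote=True)))
    return "<br/>".join(rows)


def contains_live_markup(fragment):
    """True if anything other than the <br/> separators opens a tag."""
    return "<" in fragment.replace("<br/>", "")


if __name__ == "__main__":
    print(metadata_to_html_unsafe(SAMPLE_METADATA))
    print(metadata_to_html_escaped(SAMPLE_METADATA))
```

Keys are escaped as well as values, since both are user-controlled in metadata and extra specs.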