commit 92d7eadd328797d392758c79e258c8455874c80e
Author: Samuel Merritt <email address hidden>
Date: Thu Jun 13 11:13:36 2013 -0700
Better escaping for GET /v1/a?format=xml.
Commit 8f9b135 fixed a bug where an XML attribute could have arbitrary
characters jammed into it, resulting in a document with arbitrary
tags... and it did remove the ability to get an arbitrary XML document
out of the object server. However, it left a couple of ways to get a
malformed XML document, one example of which is an account named ".
This fixes up the remaining ways and ensures you always get a
well-formed XML document in the account-listing response. Also, it
adds a unit test for the escaping of the container name; this was
already working, just untested.
If you look in the discussion for bug 1183884, you'll see that the
review comments there are basically "seems good, but could use a unit
test". (The astute reader will note that I am one of the guilty
parties in that review.)
I found this bug while writing the missing unit test.
The moral of this story is left as an exercise for the reader.
Reviewed: https:/ /review. openstack. org/32982 github. com/openstack/ swift/commit/ 92d7eadd328797d 392758c79e258c8 455874c80e
Committed: http://
Submitter: Jenkins
Branch: master
commit 92d7eadd328797d 392758c79e258c8 455874c80e
Author: Samuel Merritt <email address hidden>
Date: Thu Jun 13 11:13:36 2013 -0700
Better escaping for GET /v1/a?format=xml.
Commit 8f9b135 fixed a bug where an XML attribute could have arbitrary
characters jammed into it, resulting in a document with arbitrary
tags... and it did remove the ability to get an arbitrary XML document
out of the object server. However, it left a couple of ways to get a
malformed XML document, one example of which is an account named ".
This fixes up the remaining ways and ensures you always get a
well-formed XML document in the account-listing response. Also, it
adds a unit test for the escaping of the container name; this was
already working, just untested.
If you look in the discussion for bug 1183884, you'll see that the
review comments there are basically "seems good, but could use a unit
test". (The astute reader will note that I am one of the guilty
parties in that review.)
I found this bug while writing the missing unit test.
The moral of this story is left as an exercise for the reader.
Fixes bug 1183884 harder.
Change-Id: I84b24dd930ba1b b6c4f674f8d3996 639dedbce15