Red Hat Bugzilla – Attachment 831807 Details for Bug 1036922 – CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS
[patch]
Upstream patch for 3.2.x
3-2-i18n_xss.patch (text/plain), 3.80 KB, created by Tomas Hoger on 2013-12-02 22:22:20 UTC
patch
obsolete
>From 616414876d8d93f5b4be0e41d872d40e0e389ee4 Mon Sep 17 00:00:00 2001 >From: Michael Koziarski <michael@koziarski.com> >Date: Fri, 1 Nov 2013 11:50:05 +1300 >Subject: [PATCH] Stop using i18n's built in HTML error handling. > >i18n doesn't depend on active support which means it can't use our html_safe >code to do its escaping when generating the spans. Rather than try to sanitize >the output from i18n, just revert to our old behaviour of rescuing the error >and constructing the tag ourselves. > >Fixes: CVE-2013-4491 > >Conflicts: > actionpack/lib/action_view/helpers/translation_helper.rb > >Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0 >--- > .../lib/action_view/helpers/translation_helper.rb | 21 ++++++++------------- > actionpack/test/template/translation_helper_test.rb | 2 +- > 2 files changed, 9 insertions(+), 14 deletions(-) > >diff --git a/actionpack/lib/action_view/helpers/translation_helper.rb b/actionpack/lib/action_view/helpers/translation_helper.rb >index cc74eff..6ef652d 100644 >--- a/actionpack/lib/action_view/helpers/translation_helper.rb >+++ b/actionpack/lib/action_view/helpers/translation_helper.rb 
>@@ -1,24 +1,14 @@ > require 'action_view/helpers/tag_helper' > require 'i18n/exceptions' > >-module I18n >- class ExceptionHandler >- include Module.new { >- def call(exception, locale, key, options) >- exception.is_a?(MissingTranslation) && options[:rescue_format] == :html ? super.html_safe : super >- end >- } >- end >-end >- > module ActionView > # = Action View Translation Helpers > module Helpers > module TranslationHelper > # Delegates to <tt>I18n#translate</tt> but also performs three additional functions. > # >- # First, it'll pass the <tt>:rescue_format => :html</tt> option to I18n so that any >- # thrown +MissingTranslation+ messages will be turned into inline spans that >+ # First, it will ensure that any thrown +MissingTranslation+ messages will be turned >+ # into inline spans that: > # > # * have a "translation-missing" class set, > # * contain the missing key as a title attribute and >@@ -44,7 +34,9 @@ module ActionView > # naming convention helps to identify translations that include HTML tags so that > # you know what kind of output to expect when you call translate in a template. > def translate(key, options = {}) >- options.merge!(:rescue_format => :html) unless options.key?(:rescue_format) >+ # If the user has specified rescue_format then pass it all through, otherwise use >+ # raise and do the work ourselves >+ options[:raise] = true unless options.key?(:raise) || options.key?(:rescue_format) > if html_safe_translation_key?(key) > html_safe_options = options.dup > options.except(*I18n::RESERVED_KEYS).each do |name, value| >@@ -58,6 +50,9 @@ module ActionView > else > I18n.translate(scope_key_by_partial(key), options) > end >+ rescue I18n::MissingTranslationData => e >+ keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope]) >+ content_tag('span', keys.last.to_s.titleize, :class => 'translation_missing', :title => "translation missing: #{keys.join('.')}") > end > alias :t :translate 
> >diff --git a/actionpack/test/template/translation_helper_test.rb b/actionpack/test/template/translation_helper_test.rb >index 397de9c..ebf0f89 100644 >--- a/actionpack/test/template/translation_helper_test.rb >+++ b/actionpack/test/template/translation_helper_test.rb >@@ -30,7 +30,7 @@ class TranslationHelperTest < ActiveSupport::TestCase > end > > def test_delegates_to_i18n_setting_the_rescue_format_option_to_html >- I18n.expects(:translate).with(:foo, :locale => 'en', :rescue_format => :html).returns("") >+ I18n.expects(:translate).with(:foo, :locale => 'en', :raise=>true).returns("") > translate :foo, :locale => 'en' > end > >-- >1.8.3.4 >
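Review bot: the `module I18n` / `class ExceptionHandler` block removed in the first hunk of translation_helper.rb was a process-wide monkey patch, not something scoped to this helper: it called `super.html_safe` on whatever string i18n's own handler produced for a `MissingTranslation` whenever `:rescue_format => :html` was set, and as the commit message notes, i18n builds that span without ActiveSupport's escaping, so the key text reached the page unescaped. Deleting the patch is the right fix, but it also changes behaviour for any caller outside this helper that relied on the global handler returning an html_safe string; suggest stating that in the commit message next to the `Fixes: CVE-2013-4491` line, since the message otherwise only discusses the helper.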
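Review bot: in the second hunk, the comment above `options[:raise] = true unless options.key?(:raise) || options.key?(:rescue_format)` says a caller-supplied option is "passed through", but two cases do not behave as that wording suggests. A caller who passes `:rescue_format => :html` explicitly falls through to i18n's own handler, whose output is no longer marked html_safe after the first hunk, so the helper's escaped `content_tag` span is never built for that caller and the rendered result differs from the default path. A caller who passes `:raise => true` in order to handle the missing translation themselves never sees the exception, because the method-level `rescue I18n::MissingTranslationData` in the third hunk catches it regardless. Suggest either dropping the `options.key?(:rescue_format)` escape hatch or documenting it in the helper's doc comment, and re-raising inside the rescue when the caller set `:raise` themselves.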
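Review bot: the new rescue clause in the third hunk sets `:class => 'translation_missing'` while the doc comment kept as context in the first hunk still promises a `"translation-missing"` class (hyphen); one of the two should change so the documented selector matches the markup. Otherwise this is where the fix actually lands: `content_tag` escapes both the `keys.last.to_s.titleize` body and the `:title => "translation missing: #{keys.join('.')}"` attribute, so a key containing markup is rendered inert. A regression test that a key containing `<` and `"` comes out escaped in both the body and the title attribute would be worth adding, since the protection now depends on nobody later wrapping this return value in html_safe.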
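Review bot: the test in translation_helper_test.rb is still named `test_delegates_to_i18n_setting_the_rescue_format_option_to_html` although it now asserts `:raise=>true`; rename it to match (for example `test_delegates_to_i18n_setting_the_raise_option`) and add spaces around `=>` to match the `:locale => 'en'` style on the same line. The test also only checks which option reaches `I18n.translate`; it does not exercise the new rescue path, so a second test that makes `I18n.translate` raise `I18n::MissingTranslationData` and asserts on the escaped span would cover the behaviour this patch introduces.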
Attachments on bug 1036922: 831807 | 831819