Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 951859 Details for
Bug 1156299
CVE-2014-7811 Red Hat Satellite, Spacewalk: multiple XSS
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Sat5.6 patch
xss56.patch (text/plain), 9.89 KB, created by
Grant Gainey
on 2014-10-29 17:20:24 UTC
(
hide
)
Description:
Sat5.6 patch
Filename:
MIME Type:
Creator:
Grant Gainey
Created:
2014-10-29 17:20:24 UTC
Size:
9.89 KB
patch
obsolete
>diff --git a/java/code/src/com/redhat/rhn/frontend/action/systems/sdc/SystemOverviewAction.java b/java/code/src/com/redhat/rhn/frontend/action/systems/sdc/SystemOverviewAction.java >index 96d9f2f..10fddd1 100644 >--- a/java/code/src/com/redhat/rhn/frontend/action/systems/sdc/SystemOverviewAction.java >+++ b/java/code/src/com/redhat/rhn/frontend/action/systems/sdc/SystemOverviewAction.java >@@ -14,6 +14,22 @@ > */ > package com.redhat.rhn.frontend.action.systems.sdc; > >+import java.util.ArrayList; >+import java.util.Arrays; >+import java.util.Date; >+import java.util.HashMap; >+import java.util.Iterator; >+import java.util.List; >+import java.util.Map; >+ >+import javax.servlet.http.HttpServletRequest; >+import javax.servlet.http.HttpServletResponse; >+ >+import org.apache.commons.lang.StringEscapeUtils; >+import org.apache.struts.action.ActionForm; >+import org.apache.struts.action.ActionForward; >+import org.apache.struts.action.ActionMapping; >+ > import com.redhat.rhn.common.conf.ConfigDefaults; > import com.redhat.rhn.common.db.datasource.DataResult; > import com.redhat.rhn.common.localization.LocalizationService; >@@ -33,21 +49,6 @@ import com.redhat.rhn.manager.rhnpackage.PackageManager; > import com.redhat.rhn.manager.system.SystemManager; > import com.redhat.rhn.manager.user.UserManager; > >-import org.apache.struts.action.ActionForm; >-import org.apache.struts.action.ActionForward; >-import org.apache.struts.action.ActionMapping; >- >-import java.util.ArrayList; >-import java.util.Arrays; >-import java.util.Date; >-import java.util.HashMap; >-import java.util.Iterator; >-import java.util.List; >-import java.util.Map; >- >-import javax.servlet.http.HttpServletRequest; >-import javax.servlet.http.HttpServletResponse; >- > /** > * SystemOverviewAction > * @version $Rev$ >@@ -74,7 +75,8 @@ public class SystemOverviewAction extends RhnAction { > String description = null; > > if (s.getDescription() != null) { >- description = new String(s.getDescription()).replaceAll("\\n", "<br/>"); >+ description = StringEscapeUtils.escapeHtml(s.getDescription()) >+ .replaceAll("\\n", "<br/>"); > } > > // System Channels >diff --git a/java/code/webapp/WEB-INF/pages/admin/users/disabledlist.jsp b/java/code/webapp/WEB-INF/pages/admin/users/disabledlist.jsp >index 98d83e1..7ddc4c3 100644 >--- a/java/code/webapp/WEB-INF/pages/admin/users/disabledlist.jsp >+++ b/java/code/webapp/WEB-INF/pages/admin/users/disabledlist.jsp >@@ -34,24 +34,24 @@ > <rl:selectablecolumn value="${current.id}" > selected="${current.selected}" > disabled="${not current.selectable}"/> >- >+ > <rl:column bound="false" > sortable="true" > headerkey="username.nopunc.displayname" > sortattr="userLogin"> > <c:out value="<a href=\"UserDetails.do?uid=${current.id}\">${current.userLogin}</a>" escapeXml="false" /> >- </rl:column> >- >- >+ </rl:column> >+ >+ > <rl:decorator name="PageSizeDecorator"/> >- >+ > <%@ include file="/WEB-INF/pages/common/fragments/user/userlist_columns.jspf" %> > > <rl:column >- headerkey="disabledlist.jsp.disabledBy"> >- <c:out value="${current.changedByFirstName} ${current.changedByLastName}" escapeXml="false"/> >+ headerkey="disabledlist.jsp.disabledBy"> >+ <c:out value="${current.changedByFirstName} ${current.changedByLastName}" /> > </rl:column> >- >+ > <rl:column headerkey="disabledlist.jsp.disabledOn" > bound="true" > attr="changeDateString" >@@ -61,7 +61,7 @@ > <rl:csv dataset="pageList" > name="disabledUserList" > exportColumns="userLogin,userLastName,userFirstName,email,roleNames,lastLoggedIn,changedByFirstName,changedByLastName,changeDate"/> >- >+ > <div align="right"> > <hr /> > <input type="submit" name="dispatch" value="<bean:message key="disabledlist.jsp.reactivate"/>" /> >diff --git a/java/code/webapp/WEB-INF/pages/common/fragments/user/userlist_columns.jspf b/java/code/webapp/WEB-INF/pages/common/fragments/user/userlist_columns.jspf >index ce2fb96..b1af17d 100644 >--- a/java/code/webapp/WEB-INF/pages/common/fragments/user/userlist_columns.jspf >+++ b/java/code/webapp/WEB-INF/pages/common/fragments/user/userlist_columns.jspf >@@ -4,8 +4,8 @@ > sortable="true" > headerkey="realname.displayname" > sortattr="userLastName"> >- >- <c:out value="${current.userLastName}, ${current.userFirstName}" escapeXml="false" /> >+ >+ <c:out value="${current.userLastName}, ${current.userFirstName}" /> > > </rl:column> > >@@ -13,7 +13,7 @@ > headerkey="userdetails.jsp.roles" > sortable="true" > attr="roleNames"/> >- >+ > <rl:column bound="true" > headerkey="userdetails.jsp.lastsign" > sortable="true" >diff --git a/java/code/webapp/WEB-INF/pages/systems/sdc/overview.jsp b/java/code/webapp/WEB-INF/pages/systems/sdc/overview.jsp >index 758a86e..78ef32f 100644 >--- a/java/code/webapp/WEB-INF/pages/systems/sdc/overview.jsp >+++ b/java/code/webapp/WEB-INF/pages/systems/sdc/overview.jsp >@@ -86,7 +86,7 @@ > <img src="/img/rhn-mini_icon-warning.gif"/> > </c:otherwise> > </c:choose> >- <a href="/rhn/systems/details/probes/ProbeDetails.do?sid=${system.id}&probe_id=${probe.id}">${probe.description}</a><br/> >+ <a href="/rhn/systems/details/probes/ProbeDetails.do?sid=${system.id}&probe_id=${probe.id}"><c:out value="${probe.description}"/></a><br/> > </c:forEach> > </div> > <div class="systeminfo-clear" /> >@@ -137,7 +137,7 @@ > <c:if test="${system.virtualGuest}"> > <tr> > <th><bean:message key="sdc.details.overview.virtualization"/></th> >- <td>${system.virtualInstance.type.name}</td> >+ <td><c:out value="${system.virtualInstance.type.name}"/></td> > </tr> > <tr> > <th><bean:message key="sdc.details.overview.uuid"/></th> >@@ -285,7 +285,7 @@ > <c:otherwise> > > <c:forEach items="${system.entitlements}" var="entitlement"> >- [${entitlement.humanReadableLabel}] >+ [<c:out value="${entitlement.humanReadableLabel}" />] > </c:forEach> > > </c:otherwise> >@@ -331,7 +331,7 @@ > </tr> > <tr> > <th><bean:message key="sdc.details.overview.description"/></th> >- <td>${description}</td> >+ <td><c:out value="${description}" escapeXml="false"/></td> <!-- already html-escaped in backend --> > </tr> > <tr> > <th><bean:message key="sdc.details.overview.location"/></th> >@@ -386,7 +386,7 @@ > <c:if test="${system.baseChannel != null}"> > <ul class="channel-list"> > <li> >- <a href="/rhn/channels/ChannelDetail.do?cid=${baseChannel['id']}">${baseChannel['name']}</a> >+ <a href="/rhn/channels/ChannelDetail.do?cid=${baseChannel['id']}"><c:out value="${baseChannel['name']}" /></a> > <c:if test="${baseChannel['is_fve'] == 'Y'}"> > (Flex) > </c:if> >@@ -394,7 +394,7 @@ > > <c:forEach items="${childChannels}" var="childChannel"> > <li class="child-channel"> >- <a href="/rhn/channels/ChannelDetail.do?cid=${childChannel['id']}">${childChannel['name']}</a> >+ <a href="/rhn/channels/ChannelDetail.do?cid=${childChannel['id']}"><c:out value="${childChannel['name']}" /></a> > <c:if test="${childChannel['is_fve'] == 'Y'}"> > (Flex) > </c:if> >diff --git a/web/modules/rhn/RHN/Server.pm b/web/modules/rhn/RHN/Server.pm >index 08fd5a8..d660e6d 100644 >--- a/web/modules/rhn/RHN/Server.pm >+++ b/web/modules/rhn/RHN/Server.pm >@@ -7,10 +7,10 @@ > # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 > # along with this software; if not, see > # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. >-# >+# > # Red Hat trademarks are not licensed under GPLv2. No permission is > # granted to use or replicate Red Hat trademarks that are incorporated >-# in this software or its documentation. >+# in this software or its documentation. > # > > # Server - Object >@@ -126,7 +126,10 @@ sub render { > if ($self->{COMPLETION_TIME}) { > $ret->{server_event_details} .= qq{The client completed this action on $formatted_dates{COMPLETION_TIME}.<br />\n}; > >- $ret->{server_event_details} .= qq{Client execution returned "$self->{RESULT_MSG}" (code $self->{RESULT_CODE})<br />\n}; >+ $ret->{server_event_details} .= >+ sprintf(<<EOQ, PXT::Utils->escapeHTML($self->{RESULT_MSG}), $self->{RESULT_CODE}); >+Client execution returned "%s" (code %d)<br />\n >+EOQ > } > else { > $ret->{server_event_details} .= qq{The client has not yet completed this action.<br />\n}; >@@ -276,7 +279,7 @@ sub dependency_errors { > > if ($self->{NUM_SHOWN_PKG_DEPENDENCY_ERRORS} < $self->{TOTAL_PKG_DEPENDENCY_ERRORS}) { > $ret->{server_event_details} .= qq{<div class="action-summary-package">}; >- $ret->{server_event_details} .= PXT::HTML->link('/network/systems/details/history/dependency_failures.pxt?sid=' . $self->{SERVER_ID} . >+ $ret->{server_event_details} .= PXT::HTML->link('/network/systems/details/history/dependency_failures.pxt?sid=' . $self->{SERVER_ID} . > '&hid=' . $self->{ACTION_ID}, "View all $self->{TOTAL_PKG_DEPENDENCY_ERRORS} dependency errors"); > $ret->{server_event_details} .= qq{</div>}; > } >@@ -293,7 +296,7 @@ sub render { > > my $ret = $self->SUPER::render(@_); > >- my $package_name = 'Packages'; >+ my $package_name = 'Packages'; > $package_name = 'Patches' if $self->{NAME} =~ /Patch/; > $package_name = 'Patch Cluster' if $self->{NAME} =~ /Patch Cluster/; > >@@ -347,7 +350,7 @@ sub render { > my $ret = $self->SUPER::render(@_); > use Data::Dumper; > warn Dumper($self); >- my $package_name = 'Packages'; >+ my $package_name = 'Packages'; > $package_name = 'Patches' if $self->{NAME} =~ /Patch/; > $package_name = 'Patch Cluster' if $self->{NAME} =~ /Patch Cluster/; > >@@ -402,7 +405,7 @@ sub render { > my $self = shift; > my $ret = $self->SUPER::render(@_); > >- my $package_name = 'Packages'; >+ my $package_name = 'Packages'; > $package_name = 'Patches' if $self->{NAME} =~ /Patch/; > $package_name = 'Patch Cluster' if $self->{NAME} =~ /Patch Cluster/; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=951859">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1156299
:
951111
| 951859