Univention Bugzilla – Attachment 4380 Details for
Bug 27189
"&" im Namen von Snapshots
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Escape user supplied values
27189_uvmm-xml-escape.diff (text/plain), 2.76 KB, created by
Philipp Hahn
on 2012-05-21 14:19 CEST
(
hide
)
Description:
Escape user supplied values
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2012-05-21 14:19 CEST
Size:
2.76 KB
patch
obsolete
>Bug #27189: Fix xml-escape > >When creating XML from scratch, the user supplied values need to be escaped. >diff --git a/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/node.py b/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/node.py >index c7c82c6..e60daab 100644 >--- a/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/node.py >+++ b/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/node.py >@@ -56,6 +56,7 @@ import errno > import fnmatch > import re > import random >+from xml.sax.saxutils import escape as xml_escape > try: > import xml.etree.ElementTree as ET > except ImportError: >@@ -1590,7 +1591,7 @@ def domain_snapshot_create(uri, domain, snapshot): > if dom_stat.pd.snapshots is None: > raise NodeError(_('Snapshot not supported "%(node)s"'), node=uri) > old_state = dom_stat.key() >- xml = '''<domainsnapshot><name>%s</name></domainsnapshot>''' % snapshot >+ xml = '''<domainsnapshot><name>%s</name></domainsnapshot>''' % (xml_escape(snapshot),) > s = dom.snapshotCreateXML(xml, 0) > > dom_stat.update(dom) >diff --git a/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/storage.py b/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/storage.py >index a544230..cfae567 100644 >--- a/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/storage.py >+++ b/branches/ucs-3.0/ucs/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/storage.py >@@ -42,6 +42,7 @@ from protocol import Disk, Data_Pool > import os.path > import univention.config_registry as ucr > import time >+from xml.sax.saxutils import escape as xml_escape > > configRegistry = ucr.ConfigRegistry() > configRegistry.load() >@@ -63,8 +64,8 @@ def create_storage_pool(conn, dir, pool_name='default'): > </target> > </pool> > ''' % { >- 'pool': pool_name, >- 'path': dir, >+ 'pool': xml_escape(pool_name), >+ 'path': xml_escape(dir), > } > try: > p = conn.storagePoolDefineXML(xml, 0) >@@ -127,7 +128,7 @@ def create_storage_volume(conn, domain, disk): > size = 8 << 30 # GiB > > values = { >- 'name': os.path.basename(disk.source), >+ 'name': xml_escape(os.path.basename(disk.source)), > 'size': size, > } > >@@ -137,7 +138,7 @@ def create_storage_volume(conn, domain, disk): > pool_type = doc.firstChild.getAttribute('type') > if pool_type in ('dir', 'fs', 'netfs'): > if hasattr(disk, 'driver_type') and disk.driver_type not in (None, 'iso', 'aio'): >- values['type'] = disk.driver_type >+ values['type'] = xml_escape(disk.driver_type) > else: > values['type'] = 'raw' > # permissions
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4380">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 27189
: 4380