New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make sure userdata is correctly passed #31
Conversation
@@ -557,7 +557,7 @@ <h3><translate key="label.select.iso.or.template" /></h3> | |||
<span><translate key="label.add.userdata"/> (<translate key="label.optional"/>)</span> | |||
</div> | |||
<div class="value"> | |||
<textarea name="userdata" class="disallowSpecialCharacters"></textarea> | |||
<textarea name="userdata"></textarea> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this might not be needed but it makes no sense either, so I'll keep this in.
ui/scripts/instanceWizard.js
Outdated
$.extend(deployVmData, { | ||
userdata : encodeURIComponent(btoa(userdata)) | ||
userdata : btoa(userdata) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll re-add the encodeURI call as a base64 string may contain '=' signs.
ui/scripts/instanceWizard.js
Outdated
userdata = userdata | ||
.replace(/&/g, "&") | ||
.replace(/</g, "<") | ||
.replace(/>/g, ">"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nicolas reported he had a test case where the calling variity did work, I so I'll experiment more to see if I can get it to work and replace above with a call to cloudstack.sanitizeReverse(userdata);
these are generic for all fields and hurt userdata call ithe existing method remove class that pretends to prevent special chars
0cbc25d
to
f24b681
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, if testing is okay @DaanHoogland then send to apache/cloudstack
moved to master |
see apache#3260 |
* Added some fixes and made language change not reload * Remove unwanted code Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Fixes stopped VM migration of user VM belonging to user other than root admin https://shapeblue.atlassian.net/browse/KDDI-653
Fixes stopped VM migration of user VM belonging to user other than root admin https://shapeblue.atlassian.net/browse/KDDI-653
Description
removing class="disallowSpecialCharacters" to prevent url encoding
and calling sanitizeReverse on the fields contents before encoding it to send to the server.
Types of changes
Screenshots (if appropriate):
How Has This Been Tested?
This has been manually tested by adding user data containing the characters '&', '<' and '>' in the simulator UI and then checking the data base field in the user_vm table to see if the characters where xml-entities after base64-decoding them.