File 0002-Don-t-echo-provided-encoding-value-back.patch of Package rabbitmq-server
From 815b84dfba7479b95214d660acbb2c8c3c94d566 Mon Sep 17 00:00:00 2001
From: Michael Klishin <michael@clojurewerkz.org>
Date: Wed, 22 Mar 2017 18:25:16 +0300
Subject: [PATCH 2/4] Don't echo provided encoding value back
The value can be used for XSS attacks. It hardly
carries a lot of value anyway.
[#142213453]
---
src/rabbit_mgmt_wm_queue_get.erl | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/rabbit_mgmt_wm_queue_get.erl b/src/rabbit_mgmt_wm_queue_get.erl
index 16024579..2d679dcd 100644
--- a/src/rabbit_mgmt_wm_queue_get.erl
+++ b/src/rabbit_mgmt_wm_queue_get.erl
@@ -56,9 +56,7 @@ do_it(ReqData, Context) ->
Enc = case EncBin of
<<"auto">> -> auto;
<<"base64">> -> base64;
- _ -> throw({error,
- {bad_encoding,
- EncBin}})
+ _ -> throw({error, <<"Unsupported encoding. Please use auto or base64.">>})
end,
Trunc = case proplists:get_value(truncate, Body) of
undefined -> none;
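Review bot: The catch-all branch of the `Enc` case now throws a fixed binary, which stops `EncBin` being reflected from this one site, but the code that turns a thrown `{error, Reason}` into the HTTP response is outside this hunk and is left as it was. If that responder writes the reason into the body without escaping it for the response content type, any other `throw({error, ...})` that embeds request-derived data would presumably be reflected in the same way, so the responder and the remaining throw sites deserve the same check; the `truncate` handling that starts just below continues past the hunk and cannot be judged from here. A short comment above the branch would keep the value from being reintroduced later, for example `%% EncBin is request-controlled: never include it in the error reason, which is returned to the client.` `do_it/2` starts and ends outside the hunk.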
--
2.27.0