Cloud:OpenStack:Newton
File 0002-Don-t-echo-provided-encoding-value-back.patch of Package rabbitmq-server
From 815b84dfba7479b95214d660acbb2c8c3c94d566 Mon Sep 17 00:00:00 2001 From: Michael Klishin <michael@clojurewerkz.org> Date: Wed, 22 Mar 2017 18:25:16 +0300 Subject: [PATCH 2/4] Don't echo provided encoding value back The value can be used for XSS attacks. It hardly carries a lot of value anyway. [#142213453] --- src/rabbit_mgmt_wm_queue_get.erl | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/rabbit_mgmt_wm_queue_get.erl b/src/rabbit_mgmt_wm_queue_get.erl index 16024579..2d679dcd 100644 --- a/src/rabbit_mgmt_wm_queue_get.erl +++ b/src/rabbit_mgmt_wm_queue_get.erl @@ -56,9 +56,7 @@ do_it(ReqData, Context) -> Enc = case EncBin of <<"auto">> -> auto; <<"base64">> -> base64; - _ -> throw({error, - {bad_encoding, - EncBin}}) + _ -> throw({error, <<"Unsupported encoding. Please use auto or base64.">>}) end, Trunc = case proplists:get_value(truncate, Body) of undefined -> none; -- 2.27.0
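Review bot: In the catch-all clause of the `Enc` case in `do_it/2`, the thrown reason changes shape from the tuple `{bad_encoding, EncBin}` to a bare binary, so anything that matched on `bad_encoding` (an API client reading the error body, an existing test) loses its machine-readable reason. Consider keeping a structured reason that omits the request value, alongside the human-readable text. The new message also hard-codes "auto or base64", which duplicates the two clauses above it and will drift if another encoding is added. Dropping `EncBin` removes the reflected input at this one throw site only; the code that renders thrown reasons into the response is not touched here, so it is worth confirming that it encodes its output, otherwise any other error term carrying request-derived data would be echoed the same way. The diffstat shows a single file changed with no test, so a regression test asserting that the supplied `encoding` value never appears in the error response would keep this from reappearing.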