[Fedora-directory-devel] Please review: Bug 462411 - certificate request wizard returns an error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

https://bugzilla.redhat.com/show_bug.cgi?id=462411
Resolves: bug 462411
Bug Description: certificate request wizard returns an error
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: This was broken as part of the fix for the XSS issues. To fix that, in order to make sure we never displayed any string that contained unescaped HTML entities, we just go ahead and escape everything when we read the values from the CGI GET or POST arguments. For this particular bug, this meant the cert CGI was getting a DN like this: CN="ldap.example.com" instead of CN="ldap.example.com". The solution is to add some functions to adminutil (stolen from dsgw) that can be used to escape/unescape HTML entities. We have to be careful never to display unescaped strings - in this particular case, the DN is never printed. 
Platforms tested: RHEL5
Flag Day: yes - will require new adminutil, adminserver
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=325446&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=325447&action=diff

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux