GitHub user hornn opened a pull request:
https://github.com/apache/incubator-hawq/pull/136
Hawq 189
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/hornn/incubator-hawq HAWQ-189
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-hawq/pull/136.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #136
----
commit e48dfffbe27a1d6ce07bbf2333d6e98f1e8d029e
Author: Noa Horn <[email protected]>
Date: 2015-11-25T18:14:21Z
HAWQ-189. Replace all non-alpha-numeric characters in returned message to
avoid cross-site scripting
The recommendation to avoid XSS is to validate the input. Because the path
can be of any format, depending on the custom plugins used, no generic
validation is possible at the entry point. Instead we chose to make sure that
the returned ok message is safe by replacing all special characters with a dot.
commit 0b8c6f8d2ba6d9eacf49ff85b5e4987e7643788a
Author: Noa Horn <[email protected]>
Date: 2015-11-25T22:50:19Z
HAWQ-189. unittest
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
