This bug is no longer valid. XML support was removed in Kilo, which is
the oldest version we support. Marking as invalid.
** Changed in: keystone
Status: Triaged => Invalid
--
https://bugs.launchpad.net/bugs/1289590
Title:
SQL Error during update tenant and possibly other calls
Status in OpenStack Identity (keystone):
Invalid
Bug description:
Attributes in the description cause sql error and 500. Possible injection.

PUT /v2.0/tenants/1234556 HTTP/1.1
Host: <not shown>:35357
X-Auth-Token: <not shown>
Content-Type: application/xml
Accept-Encoding: gzip, deflate, compress
Accept: application/xml
User-Agent: python-requests/2.2.1 CPython/2.7.4 Linux/3.11.0-17-generic
Content-Length: 245

<tenant enabled="false" name="ACME corp" id="1234556">
<description test=""></description>
</tenant>

Response

HTTP/1.1 500 Internal Server Error
Vary: X-Auth-Token
Content-Type: application/xml
Content-Length: 536
Date: Fri, 07 Mar 2014 21:16:52 GMT

<?xml version="1.0" encoding="UTF-8"?>
<error xmlns="http://docs.openstack.org/identity/api/v2.0" message="An
unexpected error prevented the server from fulfilling your request.
(ProgrammingError) (1064, 'You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax to
use near \': "\'\'"} WHERE project.id = \'1234556\'\' at line 1')
'UPDATE project SET description=%s WHERE project.id = %s' ({u'test': u''},
'1234556')" code="500" title="Internal Server Error"/>
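
Added example (not part of the bug report and not keystone code): the failure above comes from a dict, {u'test': u''}, arriving as the bound value for description. The sketch below type-checks the field before the UPDATE runs, so the request is rejected at validation rather than surfacing a driver error as a 500. Assumptions: deserialize() is a simplified stand-in for an XML-to-dict layer, ValidationError and the function names are hypothetical, and sqlite3 stands in for MySQL (it refuses to bind the dict, where the report's driver produced a syntax error).

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed request body, same shape as the one in the report.
BODY = ('<tenant enabled="false" name="ACME corp" id="1234556">'
        '<description test=""></description></tenant>')

class ValidationError(Exception):
    """Hypothetical error type that the API layer would map to HTTP 400."""

def deserialize(xml_text):
    """Simplified stand-in for an XML-to-dict layer (an assumption, not
    keystone's code): a child with attributes becomes a dict of them."""
    root = ET.fromstring(xml_text)
    ref = dict(root.attrib)
    for child in root:
        ref[child.tag] = dict(child.attrib) if child.attrib else (child.text or '')
    return ref

def validate_tenant(ref):
    """Reject any non-string description before it can reach the database."""
    desc = ref.get('description')
    if desc is not None and not isinstance(desc, str):
        raise ValidationError('description must be a string, got %s'
                              % type(desc).__name__)
    return ref

def update_description(conn, ref, validate=True):
    """Run the UPDATE from the report; return 'updated', 'rejected' or
    'driver-error' depending on where the bad value was stopped."""
    try:
        if validate:
            validate_tenant(ref)
        conn.execute('UPDATE project SET description=? WHERE id=?',
                     (ref.get('description'), ref['id']))
        return 'updated'
    except ValidationError:
        return 'rejected'
    except sqlite3.Error:
        return 'driver-error'

def demo():
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE project (id TEXT PRIMARY KEY, description TEXT)')
    conn.execute("INSERT INTO project VALUES ('1234556', 'old')")
    ref = deserialize(BODY)
    return (ref['description'],
            update_description(conn, ref, validate=False),
            update_description(conn, ref, validate=True))
```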