← Back to branch summary

~andreserl/+junk/cobbler

« back to all changes in this revision

Viewing changes to .pc/59_add_csrf_protection.patch/web/cobbler_web/templates/snippet_edit.tmpl

  • Committer: Andres Rodriguez
  • Date: 2011-12-09 17:39:33 UTC
  • mfrom: (50.1.5 trunk)
  • Revision ID: andreserl@ubuntu.com-20111209173933-6mel1k0noqjd1vad
Tags: 2.1.0+git20110602-0ubuntu26.2
https://launchpad.net/bugs/858860
https://launchpad.net/bugs/858875
https://launchpad.net/bugs/858878
https://launchpad.net/bugs/858883
https://launchpad.net/bugs/863755
* SECURITY UPDATE: arbitrary code execution via PYTHON_EGG_CACHE in insecure
  location (LP: #858875)
  - debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
    /var/lib/cobbler/webui_cache (copied from fix to precise).
* SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
  - debian/patches/59_add_csrf_protection.patch: use Django's built-in
    CSRF protection (taken from upstream).
* SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
  - debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
    yaml.load (taken from upstream).
* SECURITY UPDATE: users.digest file is world readable (LP: #858860)
  - debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
* SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
  - debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
    0700

Show diffs side-by-side

added added

removed removed

Lines of Context:
.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/snippet_edit.tmpl
 
1
{% extends 'master.tmpl' %}
 
2
{% block content %}
 
3
 
 
4
{% if not editable %}
 
5
<blockquote>
 
6
NOTE: You do not have permission to make changes to this
 
7
snippet and can only read it.  
 
8
 
 
9
Contact your Cobbler server administrator
 
10
if you need to resolve this.
 
11
</blockquote>
 
12
<br />
 
13
{% endif %}
 
14
<h1>{% ifequal editmode 'edit' %}Editing{% else %}Adding{% endifequal %} a Snippet</h1>
 
15
<hr />
 
16
<form id="snippetform" method="post" action="/cobbler_web/snippet/save">
 
17
  <ol>
 
18
    <li>
 
19
      <label for="snippetdata">{% if snippet_name %}Snippet: {{ snippet_name }}{% else %}Filename:{% endif %}</label>
 
20
{% ifnotequal editmode 'edit' %}
 
21
      <input type="text" name="snippet_name" id="snippet_name" />
 
22
      <span class="context-tip">Example:  foo.ks (to be saved in /var/lib/cobbler/snippets/)</span>
 
23
{% else %}
 
24
      <input type="hidden" name="snippet_name" value="{{ snippet_name }}" />
 
25
{% endifnotequal %}
 
26
    </li> 
 
27
    <li>
 
28
      <pre><textarea name="snippetdata" id="snippetdata">{{ snippetdata }}</textarea></pre>
 
29
    </li>
 
30
{% if deleteable %}
 
31
    <li>
 
32
      <label class="delete" for="delete1">Delete</label>
 
33
      <input type="checkbox" name="delete1" value="delete1" />
 
34
      <label class="delete" for="delete2">Really?</label>
 
35
      <input type="checkbox" name="delete2" value="delete2" />
 
36
      <span class="context-tip">Check both buttons and click save to delete this object</span>
 
37
    </li>
 
38
{% else %}
 
39
  {% ifequal editmode "edit" %}
 
40
    <li>
 
41
      <span class="warn">NOTE: This kickstart template is currently in-use.</span>
 
42
    </li>
 
43
  {% endifequal %}
 
44
{% endif %}
 
45
{% if editable %}
 
46
    <li>
 
47
      <input type="hidden" name="editmode" value="{{ editmode }}" />
 
48
      <input class="button" type="submit" name="submit" value="Save" />
 
49
      <input class="button" type="reset" name="reset" value="Reset" />
 
50
    </li>
 
51
{% endif %}
 
52
  </ol>
 
53
</form>
 
54
{% endblock content %}