← Back to branch summary

~andreserl/+junk/cobbler

« back to all changes in this revision

Viewing changes to web/cobbler_web/templates/master.tmpl

  • Committer: Andres Rodriguez
  • Date: 2011-12-09 17:39:33 UTC
  • mfrom: (50.1.5 trunk)
  • Revision ID: andreserl@ubuntu.com-20111209173933-6mel1k0noqjd1vad
Tags: 2.1.0+git20110602-0ubuntu26.2
https://launchpad.net/bugs/858860
https://launchpad.net/bugs/858875
https://launchpad.net/bugs/858878
https://launchpad.net/bugs/858883
https://launchpad.net/bugs/863755
* SECURITY UPDATE: arbitrary code execution via PYTHON_EGG_CACHE in insecure
  location (LP: #858875)
  - debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
    /var/lib/cobbler/webui_cache (copied from fix to precise).
* SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
  - debian/patches/59_add_csrf_protection.patch: use Django's built-in
    CSRF protection (taken from upstream).
* SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
  - debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
    yaml.load (taken from upstream).
* SECURITY UPDATE: users.digest file is world readable (LP: #858860)
  - debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
* SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
  - debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
    0700

Show diffs side-by-side

added added

removed removed

Lines of Context:
web/cobbler_web/templates/master.tmpl
14
14
<div id="container">
15
15
  <div id='user'>
16
16
    <input type="hidden" name="username" id="username" value="{{ username }}" />
17
 
    Logged in: <b>{{ username }}</b> <a class="action" href="/cobbler_web/logout">Logout</a>
 
17
    Logged in: <b>{{ username }}</b> <a class="action" href="javascript:menuaction('/cobbler_web/logout');">Logout</a>
18
18
  </div>
19
19
    <div id="menubar">
20
20
      <big><b>Orchestra</b></big><br/><i>powered by <a href="https://fedorahosted.org/cobbler/">Cobbler</a></i><br/><br/>
 
21
      <form id="menuaction" method="POST" action="">{% csrf_token %}</form>
 
22
      <script type="text/javascript">
 
23
      function menuaction(action) {
 
24
         document.forms["menuaction"].action = action
 
25
         document.forms["menuaction"].submit();
 
26
      }
 
27
      </script>
21
28
      <h1>Configuration</h1>
22
29
      <ul>
23
30
        <li><a href="/cobbler_web/distro/list" class="edit">Distros</a></li>
37
44
      <h1>Actions</h1>
38
45
      <ul>
39
46
        <li><a href="/cobbler_web/import/prompt">Import DVD</a></li>
40
 
        <li><a href="/cobbler_web/sync">Sync</a> ☼</li>
41
 
        <li><a href="/cobbler_web/reposync">Reposync</a> ☼ </li>
42
 
        <li><a href="/cobbler_web/hardlink">Hardlink</a> ☼ </li>
43
 
        <!-- <li><a href="/cobbler_web/replicate">Replicate</a> ☼ </li> -->
44
 
        <li><a href="/cobbler_web/buildiso">Build ISO</a> ☼ </li>
 
47
        <li><a href="javascript:menuaction('/cobbler_web/sync');">Sync</a> ☼</li>
 
48
        <li><a href="javascript:menuaction('/cobbler_web/reposync');"">Reposync</a> ☼ </li>
 
49
        <li><a href="javascript:menuaction('/cobbler_web/hardlink');"">Hardlink</a> ☼ </li>
 
50
        <!-- <li><a href="javascript:menuaction('/cobbler_web/replicate');"">Replicate</a> ☼ </li> -->
 
51
        <li><a href="javascript:menuaction('/cobbler_web/buildiso');">Build ISO</a> ☼ </li>
45
52
      </ul>
46
53
      <h1>Cobbler</h1>
47
54
      <ul>