Files
@ ddad3be4dc44
Branch filter:
Location: kallithea/init.d/celeryd-upstart.conf - annotation
ddad3be4dc44
932 B
text/plain
changeset: fix XSS vulnerability in parent-child navigation
The 'Parent Rev.' - 'Child Rev.' links on changesets and in the file browser
normally immediately jump to the correct revision upon click. But, if there
are multiple candidates, e.g. two children of a commit, then a list of
revisions is shown as hyperlinks instead.
These hyperlinks have a 'title' attribute containing the full commit message
of the corresponding commit. When this commit message contains characters
special to HTML, like ", >, etc. they were added literally to the HTML code.
This can lead to a cross-site scripting (XSS) vulnerability when an attacker
has write access to a repository. They could craft a special commit message
that would introduce HTML and/or JavaScript code when the commit is listed
in such 'parent-child' navigation links.
Escape the commit message before using it further.
The 'Parent Rev.' - 'Child Rev.' links on changesets and in the file browser
normally immediately jump to the correct revision upon click. But, if there
are multiple candidates, e.g. two children of a commit, then a list of
revisions is shown as hyperlinks instead.
These hyperlinks have a 'title' attribute containing the full commit message
of the corresponding commit. When this commit message contains characters
special to HTML, like ", >, etc. they were added literally to the HTML code.
This can lead to a cross-site scripting (XSS) vulnerability when an attacker
has write access to a repository. They could craft a special commit message
that would introduce HTML and/or JavaScript code when the commit is listed
in such 'parent-child' navigation links.
Escape the commit message before using it further.
99ad9d0af1a3 58df0b3ed377 58df0b3ed377 58df0b3ed377 e285bb7abb28 e285bb7abb28 58df0b3ed377 99ad9d0af1a3 99ad9d0af1a3 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 99ad9d0af1a3 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 1d539bb18165 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 | # celeryd - run the celeryd daemon as an upstart job for kallithea
# Change variables/paths as necessary and place file /etc/init/celeryd.conf
# start/stop/restart as normal upstart job (ie: $ start celeryd)
description "Celery for Kallithea Mercurial Server"
author "Matt Zuba <matt.zuba@goodwillaz.org"
start on starting kallithea
stop on stopped kallithea
respawn
umask 0022
env PIDFILE=/tmp/celeryd.pid
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
# To use group (if different from user), you must edit sudoers file and change
# root's entry from (ALL) to (ALL:ALL)
# env GROUP=hg
script
COMMAND="/var/hg/.virtualenvs/kallithea/bin/kallithea-cli celery-run -c $APPINI -- --pidfile=$PIDFILE"
if [ -z "$GROUP" ]; then
exec sudo -u $USER $COMMAND
else
exec sudo -u $USER -g $GROUP $COMMAND
fi
end script
post-stop script
rm -f $PIDFILE
end script
|