This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-API] [PATCH] CA-46738: escape email body properly in vmpp alerts

To: xen-api <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-API] [PATCH] CA-46738: escape email body properly in vmpp alerts
From: Marcus Granado <marcus.granado@xxxxxxxxxx>
Date: Tue, 30 Nov 2010 18:50:05 +0000
Delivery-date: Tue, 30 Nov 2010 10:56:36 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mercurial-patchbomb/1.4.3
 ocaml/xapi/xapi_vmpp.ml |  8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1291142767 0
# Node ID 186c8e8b09f44d7d1edd6bd5ea301b1f4960f045
# Parent  696e40aae9cab86c97663cbfef6fc5ccf5a8c944
CA-46738: escape email body properly in vmpp alerts

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r 696e40aae9ca -r 186c8e8b09f4 ocaml/xapi/xapi_vmpp.ml
--- a/ocaml/xapi/xapi_vmpp.ml
+++ b/ocaml/xapi/xapi_vmpp.ml
@@ -61,7 +61,13 @@
   assert_licensed ~__context;
   let value = data in
   let msg = 
-    "<message><email>"^body^"</email><data>"^value^"</data></message>"
+               (* value is expected to be valid xml data,
+                  whereas body is not expected to be a valid xml string
+               *)
+    "<message><email>"
+               (* escape any invalid xml string *)
+               ^(Xml.to_string (Xml.PCData body))
+    ^"</email><data>"^value^"</data></message>"
   let successful = priority < 5L in
   if successful

Attachment: xen-api.hg.patch
Description: Text Data

xen-api mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-API] [PATCH] CA-46738: escape email body properly in vmpp alerts, Marcus Granado <=