Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BDEF1110B4 for ; Fri, 8 Aug 2014 12:40:12 +0000 (UTC) Received: (qmail 97228 invoked by uid 500); 8 Aug 2014 12:40:12 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 97201 invoked by uid 500); 8 Aug 2014 12:40:12 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 97191 invoked by uid 500); 8 Aug 2014 12:40:12 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 97188 invoked by uid 99); 8 Aug 2014 12:40:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Aug 2014 12:40:12 +0000 Date: Fri, 8 Aug 2014 12:40:12 +0000 (UTC) From: "Rohit Yadav (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-5512) template format name checking is crude and doesn't work with advanced URLs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-5512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090716#comment-14090716 ] Rohit Yadav commented on CLOUDSTACK-5512: ----------------------------------------- [~shadowsor] Marcus, can you give example of a S3 pre-signed URL? Do you propose we remove the entire extension checking as one would be passing the template type anyway? Or, any other way you want to propose? Fix would be simple. > template format name checking is crude and doesn't work with advanced URLs > -------------------------------------------------------------------------- > > Key: CLOUDSTACK-5512 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5512 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Affects Versions: 4.0.0, 4.1.0, 4.2.0 > Reporter: Marcus Sorensen > Fix For: 4.4.0 > > > Template name checking currently just looks at the very end of the url string. e.g.: > private void checkFormat(String format, String url) { > if((!url.toLowerCase().endsWith("vhd")) > This breaks functionality such as registering a template via an S3 pre-signed URL, or anything where the file extension is not the last part of the URL. We should at least attempt to parse the URL for filename vs parameters. -- This message was sent by Atlassian JIRA (v6.2#6252)