From: hornn
To: dev@hawq.incubator.apache.org
Reply-To: dev@hawq.incubator.apache.org
Subject: [GitHub] incubator-hawq pull request: HAWQ-190. Mask special characters in ...
Date: Wed, 2 Dec 2015 22:28:33 +0000 (UTC)

GitHub user hornn opened a pull request:

    https://github.com/apache/incubator-hawq/pull/151

    HAWQ-190. Mask special characters in path to avoid XSS attacks.

    When trying to access a wrong resource name in PXF, an error message with the wrong path is emitted.
    We mask any special characters in the returned message to avoid cross-site scripting attacks.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/hornn/incubator-hawq HAWQ-190

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-hawq/pull/151.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #151

----
commit 5e56b1d1926fa34b55d51d3bbe87a8ef5f2942cd
Author: Noa Horn
Date:   2015-12-02T22:27:26Z

    HAWQ-190. Mask special characters in path to avoid XSS attacks.

    When trying to access a wrong resource name in PXF, an error message with the wrong path is emitted.
    We mask any special characters in the returned message to avoid cross-site scripting attacks.

----
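
The kind of masking the pull request describes, as an added Java example that is not the PXF code from the pull request: a constructed error-message builder that echoes the requested path, shown unmasked and then with HTML special characters replaced by entities. The class name, method names and sample paths are assumptions made for illustration.

```java
public class PathErrorMessage {

    // Hypothetical helper: replace characters that are significant in HTML
    // with character entities so a browser renders them as text.
    static String maskSpecialChars(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the requested path is copied into the error text unchanged.
    static String unmaskedError(String path) {
        return "Unknown path: " + path;
    }

    // After: the path is masked at the point where it enters the message.
    static String maskedError(String path) {
        return "Unknown path: " + maskSpecialChars(path);
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the project.
        String[] samples = {
            "/service/no-such-resource",
            "/service/<i>name</i>",
            "/service/a&b\"c'd"
        };
        for (String path : samples) {
            String masked = maskedError(path);
            // Self-check: no raw markup delimiters survive in the masked text.
            if (masked.matches(".*[<>\"'].*")) {
                throw new IllegalStateException("unmasked character in: " + masked);
            }
            System.out.println("before: " + unmaskedError(path));
            System.out.println("after:  " + masked);
        }
    }
}
```

The ampersand is replaced along with the other characters, so a path that already contains an entity such as `&lt;` is shown literally instead of being decoded by the browser.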