+horizon (2012.1.1-4) unstable; urgency=high
+
+ * CVE-2012-3540: added patch: Disallow login redirects to anywhere other than
+ the same origin (Closes: #686050).
+
+ -- Thomas Goirand <zigo@debian.org> Tue, 28 Aug 2012 03:05:44 +0000
+
horizon (2012.1.1-3) unstable; urgency=low
[ Thomas Goirand ]
--- /dev/null
+Description: Disallow login redirects to anywhere other than the same origin.
+Author: Paul McMillan <paul.mcmillan@nebula.com>
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/686050
+Bug-Ubuntu: https://launchpad.net/bugs/1039077
+
+--- horizon-2012.1.1.orig/horizon/views/auth_forms.py
++++ horizon-2012.1.1/horizon/views/auth_forms.py
+@@ -28,6 +28,7 @@ from django import shortcuts
+ from django.conf import settings
+ from django.contrib import messages
+ from django.contrib.auth import REDIRECT_FIELD_NAME
++from django.utils.http import same_origin
+ from django.utils.translation import ugettext as _
+ from keystoneclient import exceptions as keystone_exceptions
+
+@@ -94,7 +95,13 @@ class Login(forms.SelfHandlingForm):
+ request.session['region_endpoint'] = endpoint
+ request.session['region_name'] = region_name
+
+- redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, "")
++ redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, None)
++ # Make sure the requested redirect matches the protocol,
++ # domain, and port of this request
++ if redirect_to and not same_origin(
++ request.build_absolute_uri(redirect_to),
++ request.build_absolute_uri()):
++ redirect_to = None
+
+ if data.get('tenant', None):
+ try:
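Review bot: The origin check validates the urljoin-normalised form `request.build_absolute_uri(redirect_to)`, but `redirect_to` itself keeps the raw request value, so whatever later issues the redirect (outside this hunk) presumably sends the browser a string that may resolve differently from what was checked — for example `///evil.example` or `\\evil.example`, which Python 2's urlparse/urljoin fold into a same-host path while browsers treat them as scheme-relative references to evil.example. The smallest fix is to redirect to exactly the string that passed the check: compute `absolute = request.build_absolute_uri(redirect_to)` once, then `redirect_to = absolute if same_origin(absolute, request.build_absolute_uri()) else None`, and let the later redirect use that normalised value. If the redirect must stay relative, the alternative is to reject any value that does not start with a single `/` followed by a character other than `/` or `\\` before consulting `same_origin`. The enclosing method of `Login` starts before this hunk and the redirect call that consumes `redirect_to` is after it, so those lines need the corresponding adjustment.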