Change in ovirt-engine[ovirt-engine-4.0]: image upload: don't expose resource ID to entity updates.
Code Review
gerrit at ovirt.org
Thu Nov 3 09:48:53 UTC 2016
>From Tal Nisan <tnisan at redhat.com>:
Tal Nisan has submitted this change and it was merged.
Change subject: image upload: don't expose resource ID to entity updates.
......................................................................
image upload: don't expose resource ID to entity updates.
Resource ID is used for identifying the upload tickets. once the
ability of clearing it is exposed for the frontend/REST, it can
potentially cause loss of a transfer session, opening up security risks.
Remove this member from the image transfer updates entity, and set it as
a parameter for the backend ImageTransferUpdater class.
Change-Id: Iee39b43faea82a4737919de0c39acba4b2b60b26
Signed-off-by: Amit Aviram <aaviram at redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/ImageTransferUpdater.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/UploadImageCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/UploadImageStatusCommand.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/UploadImageStatusParameters.java
D backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/storage/ImageTransferUpdates.java
M frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/storage/UploadImageModel.java
7 files changed, 24 insertions(+), 79 deletions(-)
Approvals:
Jenkins CI: Passed CI tests
Allon Mureinik: Looks good to me, approved
Amit Aviram: Verified
--
To view, visit https://gerrit.ovirt.org/65958
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iee39b43faea82a4737919de0c39acba4b2b60b26
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-4.0
Gerrit-Owner: Amit Aviram <aaviram at redhat.com>
Gerrit-Reviewer: Allon Mureinik <amureini at redhat.com>
Gerrit-Reviewer: Amit Aviram <aaviram at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Tal Nisan <tnisan at redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation at ovirt.org>
More information about the Engine-commits
mailing list