[Kimchi-devel] [PATCH] bug fix: Avoid equals sign in VM console URL
Daniel H Barboza
danielhb at linux.vnet.ibm.com
Mon Jul 28 12:24:54 UTC 2014
Reviewed-by: Daniel Barboza <danielhb at linux.vnet.ibm.com>
On 07/25/2014 06:01 PM, alinefm at linux.vnet.ibm.com wrote:
> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>
> From python documentation, base64.urlsafe_b64encode(s) substitutes - instead
> of + and _ instead of / in the standard Base64 alphabet, BUT the result can
> still contain = which is not safe in a URL query component.
> As token value is not decoded nowhere, replace = by A
>
> The problem with equals sign was only identified on Spice connections.
> noVNC can deal well with that.
>
> For reference: https://docs.python.org/2/library/base64.html
>
> Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
> ---
> src/kimchi/vnc.py | 9 ++++++++-
> ui/js/src/kimchi.api.js | 18 ++++++++++++++++--
> 2 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
> index 9380e21..4159049 100644
> --- a/src/kimchi/vnc.py
> +++ b/src/kimchi/vnc.py
> @@ -54,7 +54,14 @@ def new_ws_proxy():
>
> def add_proxy_token(name, port):
> with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
> - name = base64.urlsafe_b64encode(name)
> + """
> + From python documentation base64.urlsafe_b64encode(s)
> + substitutes - instead of + and _ instead of / in the
> + standard Base64 alphabet, BUT the result can still
> + contain = which is not safe in a URL query component.
> + As token value is not decoded nowhere, replace = by A
> + """
> + name = base64.urlsafe_b64encode(name).replace('=', 'A')
> f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
>
>
> diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
> index 8f5b68f..30360c5 100644
> --- a/ui/js/src/kimchi.api.js
> +++ b/ui/js/src/kimchi.api.js
> @@ -352,7 +352,14 @@ var kimchi = {
> }).done(function() {
> url = 'https://' + location.hostname + ':' + proxy_port;
> url += "/console.html?url=vnc_auto.html&port=" + proxy_port;
> - url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
> + /*
> + * From python documentation base64.urlsafe_b64encode(s)
> + * substitutes - instead of + and _ instead of / in the
> + * standard Base64 alphabet, BUT the result can still
> + * contain = which is not safe in a URL query component.
> + * As token value is not decoded nowhere, replace = by A
> + * */
> + url += "&path=?token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A');
> url += "&kimchi=" + location.port;
> url += '&encrypt=1';
> window.open(url);
> @@ -377,7 +384,14 @@ var kimchi = {
> url = 'https://' + location.hostname + ':' + proxy_port;
> url += "/console.html?url=spice.html&port=" + proxy_port;
> url += "&listen=" + location.hostname;
> - url += "&token=" + kimchi.urlSafeB64Encode(vm);
> + /*
> + * From python documentation base64.urlsafe_b64encode(s)
> + * substitutes - instead of + and _ instead of / in the
> + * standard Base64 alphabet, BUT the result can still
> + * contain = which is not safe in a URL query component.
> + * As token value is not decoded nowhere, replace = by A
> + * */
> + url += "&token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A');
> url += "&kimchi=" + location.port;
> url += '&encrypt=1';
> window.open(url);
More information about the Kimchi-devel
mailing list