[ https://issues.apache.org/jira/browse/CLOUDSTACK-863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13579729#comment-13579729 ]
ASF subversion and git services commented on CLOUDSTACK-863:
------------------------------------------------------------

Commit ed06c16944ec28b254a5f1c7acb9152c44918467 in branch refs/heads/4.1 from [~likithas]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;h=ed06c16 ]

CLOUDSTACK-863: Fix Non-printable characters in api call

Non-printable characters result in empty pages for all users loading the corrupted object in the web interface. It also results in the API call results getting truncated with an error when it encounters the non-printable characters.

Every decoded parameter value is checked for control characters using OWASP's ESAPI library.

Signed-off-by: Rohit Yadav <bhais...@apache.org>
(cherry picked from commit 87b668b71b34c93e9ba85d4708a1c04f4020f6bf)
Signed-off-by: Rohit Yadav <bhais...@apache.org>

> Non-printable characters (ASCII control character) such as %00 or %0025 are getting stored in raw/non encoded form in the database.
> ------------------------------------------------------------
>
> Key: CLOUDSTACK-863
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-863
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public (Anyone can view this level - this is the default.)
> Components: API
> Affects Versions: 4.0.0
> Reporter: Likitha Shetty
> Assignee: Likitha Shetty
> Fix For: 4.1.0
>
> Attachments: get.png, UI.jpg.jpeg
>
>
> Non-printable characters such as %00 or %0025 are getting stored in raw/non encoded form in the database.
> It results in empty pages for all users loading the corrupted object in the web interface (a corrupted Instance in this case - see attached UI.jpg.jpeg)
> It also results in the API call results getting truncated with an error when it encounters the non-printable characters
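The check the commit message describes (decode each parameter value, then reject it if it contains a control character), as an added example that is not the CloudStack commit's code. It uses only the JDK rather than OWASP's ESAPI; the class name, method names and the `displayname` parameter are hypothetical, and the sample values are constructed from the `%00` and `%0025` inputs named in the issue.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class ControlCharCheck {

    /** Returns the index of the first ISO control character in value, or -1 if none. */
    static int firstControlChar(String value) {
        for (int i = 0; i < value.length(); i++) {
            // Covers U+0000..U+001F and U+007F..U+009F, so tab and newline are rejected too.
            if (Character.isISOControl(value.charAt(i))) {
                return i;
            }
        }
        return -1;
    }

    /** Decodes each raw value once; throws if any decoded value holds a control character. */
    static Map<String, String> decodeAndValidate(Map<String, String> rawParams) {
        Map<String, String> decoded = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : rawParams.entrySet()) {
            String value = URLDecoder.decode(e.getValue(), StandardCharsets.UTF_8);
            int pos = firstControlChar(value);
            if (pos >= 0) {
                // Fail before the value can reach the database layer.
                throw new IllegalArgumentException(String.format(
                        "parameter '%s' contains control character U+%04X at index %d",
                        e.getKey(), (int) value.charAt(pos), pos));
            }
            decoded.put(e.getKey(), value);
        }
        return decoded;
    }

    public static void main(String[] args) {
        // Constructed sample values; "vm%0025" decodes to NUL followed by "25".
        String[] samples = {"web-server-01", "my%20instance", "vm%00", "vm%0025"};
        for (String raw : samples) {
            Map<String, String> params = new LinkedHashMap<>();
            params.put("displayname", raw); // hypothetical parameter name
            try {
                System.out.println("accepted: " + decodeAndValidate(params));
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```

Validating after decoding matters here: the raw strings `vm%00` and `vm%0025` contain only printable characters, and the NUL appears only once the percent-encoding is resolved.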