You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ab...@apache.org on 2019/05/21 12:58:57 UTC
[ambari] branch branch-2.7 updated: AMBARI-25283 Ambari UI
evaluates Javascript embedded in user input when adding hosts,
adding remote clusters, and renaming the cluster. (ababiichuk)
This is an automated email from the ASF dual-hosted git repository.
ababiichuk pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 8817363 AMBARI-25283 Ambari UI evaluates Javascript embedded in user input when adding hosts, adding remote clusters, and renaming the cluster. (ababiichuk)
8817363 is described below
commit 881736325e9f2e63280070ef24698e5f896b6b80
Author: ababiichuk <ab...@hortonworks.com>
AuthorDate: Tue May 21 13:42:37 2019 +0300
AMBARI-25283 Ambari UI evaluates Javascript embedded in user input when adding hosts, adding remote clusters, and renaming the cluster. (ababiichuk)
---
.../app/scripts/controllers/clusters/ClusterInformationCtrl.js | 1 +
.../app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js | 1 +
.../app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js | 1 +
.../src/main/resources/ui/admin-web/app/scripts/i18n.config.js | 1 +
.../resources/ui/admin-web/app/views/clusters/clusterInformation.html | 3 ++-
.../ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html | 3 ++-
.../ui/admin-web/app/views/remoteClusters/remoteClusterPage.html | 3 ++-
ambari-web/app/controllers/wizard/step2_controller.js | 2 +-
8 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js
index 62eca96..0278133 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js
@@ -27,6 +27,7 @@ function($scope, $http, $location, Cluster, $routeParams, $translate, $rootScope
clusterName: null
};
$scope.isClusterNameEdited = false;
+ $scope.nameValidationPattern = /^\s*\w*\s*$/;
$scope.$watch(function() {
return $rootScope.cluster;
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js
index 0315a9e..c030a9b 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js
@@ -24,6 +24,7 @@ angular.module('ambariAdminConsole')
$scope.cluster = {};
$scope.nameValidationPattern = /^\s*\w*\s*$/;
+ $scope.urlValidationPattern = /^(https?|ftp):\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0 [...]
$scope.registerRemoteCluster = function () {
$scope.form.submitted = true;
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js
index 14726c8..8cc3273 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js
@@ -25,6 +25,7 @@ angular.module('ambariAdminConsole')
$scope.instancesAffected = [];
$scope.nameValidationPattern = /^\s*\w*\s*$/;
+ $scope.urlValidationPattern = /^(https?|ftp):\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0 [...]
$scope.openChangePwdDialog = function() {
var modalInstance = $modal.open({
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js
index 42da1dd..cee8099 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js
@@ -225,6 +225,7 @@ angular.module('ambariAdminConsole')
'views.alerts.noSpecialChars': 'Must not contain any special characters.',
'views.alerts.noSpecialCharsOrSpaces': 'Must not contain any special characters or spaces.',
+ 'views.alerts.invalidUrl': 'Must be a valid URL.',
'views.alerts.instanceExists': 'Instance with this name already exists.',
'views.alerts.notDefined': 'There are no {{term}} defined for this view.',
'views.alerts.cannotEditInstance': 'Cannot Edit Static Instances',
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html
index 17aa069..bb6cc2d 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html
@@ -49,6 +49,7 @@
name="clusterName"
ng-change="toggleSaveButton()"
ng-model="edit.clusterName"
+ ng-pattern="nameValidationPattern"
required
autofocus
ng-maxlength="100"
@@ -58,7 +59,7 @@
ng-class="{edited: isClusterNameEdited}">
<button
type="submit"
- ng-class="{'disabled': editClusterNameForm.clusterName.$invalid}"
+ ng-disabled="editClusterNameForm.clusterName.$invalid"
class="btn btn-default pull-right"
ng-show="isClusterNameEdited">
{{'common.controls.save' | translate}}
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html
index 846cbcb..abc8e99 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html
@@ -42,8 +42,9 @@
<div class="form-group" ng-class="{'has-error' : form.user_name.$error.required && form.submitted}">
<label for="clusterurl" class="col-sm-2 control-label">{{'users.ambariClusterURL' | translate}}*</label>
<div class="col-sm-10">
- <input type="text" id="clusterurl" class="form-control" name="cluster_url" placeholder="{{'users.ambariClusterURL' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off">
+ <input type="text" id="clusterurl" class="form-control" ng-pattern="urlValidationPattern" name="cluster_url" placeholder="{{'users.ambariClusterURL' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off">
<div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.required && form.submitted"> {{'common.alerts.fieldIsRequired' | translate}}</div>
+ <div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.pattern && form.submitted"> {{'views.alerts.invalidUrl' | translate}}</div>
</div>
</div>
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html
index a780b8f..621af0c 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html
@@ -34,8 +34,9 @@
<div class="form-group" ng-class="{'has-error' : form.user_name.$error.required && form.submitted}">
<label for="clusterurl" class="col-sm-2 control-label">{{'users.ambariClusterURL' | translate}}*</label>
<div class="col-sm-10">
- <input type="text" id="clusterurl" class="form-control" name="cluster_url" placeholder="{{'remoteClusters.clusterURLPlaceholder' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off">
+ <input type="text" id="clusterurl" class="form-control" ng-pattern="urlValidationPattern" name="cluster_url" placeholder="{{'remoteClusters.clusterURLPlaceholder' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off">
<div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.required && form.submitted"> {{'common.alerts.fieldIsRequired' | translate}}</div>
+ <div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.pattern && form.submitted"> {{'views.alerts.invalidUrl' | translate}}</div>
</div>
</div>
diff --git a/ambari-web/app/controllers/wizard/step2_controller.js b/ambari-web/app/controllers/wizard/step2_controller.js
index 832e49f..87d52d8 100644
--- a/ambari-web/app/controllers/wizard/step2_controller.js
+++ b/ambari-web/app/controllers/wizard/step2_controller.js
@@ -213,7 +213,7 @@ App.WizardStep2Controller = Em.Controller.extend({
this.get('invalidHostNames').clear();
this.get('hostNameArr').forEach(function (hostName) {
if (!validator.isHostname(hostName)) {
- this.get('invalidHostNames').push(hostName);
+ this.get('invalidHostNames').push(encodeURIComponent(hostName));
result = false;
}
}, this);