Posted to commits@oozie.apache.org by rk...@apache.org on 2016/03/30 02:24:43 UTC
oozie git commit: OOZIE-2492 JSON security issue in js code (fdenes
via rkanter)
Repository: oozie
Updated Branches:
refs/heads/master ed6a85232 -> ae2c3009a
OOZIE-2492 JSON security issue in js code (fdenes via rkanter)
Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/ae2c3009
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/ae2c3009
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/ae2c3009
Branch: refs/heads/master
Commit: ae2c3009a3a2ca1920b0896dfce71e15d24ea985
Parents: ed6a852
Author: Robert Kanter <rk...@cloudera.com>
Authored: Tue Mar 29 17:24:27 2016 -0700
Committer: Robert Kanter <rk...@cloudera.com>
Committed: Tue Mar 29 17:24:27 2016 -0700
----------------------------------------------------------------------
release-log.txt | 1 +
webapp/src/main/webapp/oozie-console.js | 24 ++++++++++++------------
2 files changed, 13 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/oozie/blob/ae2c3009/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 9341014..b7402be 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 4.3.0 release (trunk - unreleased)
+OOZIE-2492 JSON security issue in js code (fdenes via rkanter)
OOZIE-2429 TestEventGeneration test is flakey (fdenes via rkanter)
OOZIE-2466 Repeated failure of TestMetricsInstrumentation.testSamplers (fdenes via rkanter)
OOZIE-2470 Remove infinite socket timeouts in the Oozie email action (harsh)
http://git-wip-us.apache.org/repos/asf/oozie/blob/ae2c3009/webapp/src/main/webapp/oozie-console.js
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/oozie-console.js b/webapp/src/main/webapp/oozie-console.js
index bd18506..31dcc3d 100644
--- a/webapp/src/main/webapp/oozie-console.js
+++ b/webapp/src/main/webapp/oozie-console.js
@@ -448,7 +448,7 @@ function jobDetailsPopup(response, request) {
getLogs(getOozieBase() + 'job/' + workflowId + "?show=log", searchFilterBox.getValue(), logStatus, jobLogArea, false, null);
}
- var jobDetails = eval("(" + response.responseText + ")");
+ var jobDetails = JSON.parse(response.responseText);
var workflowId = jobDetails["id"];
var appName = jobDetails["appName"];
var jobActionStatus = new Ext.data.JsonStore({
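Review bot: `JSON.parse(response.responseText)` in this hunk is unguarded and accepts only strict JSON, whereas the `eval` it replaces also accepted any JavaScript literal (unquoted keys, single-quoted strings, `NaN`). If an endpoint emits such output, or answers with a non-JSON body such as an HTML error page, the SyntaxError propagates and the popup is left unpopulated. The same applies to every other `JSON.parse` call this commit adds in oozie-console.js, the instrumentation and metrics handlers included. Consider guarding each call, e.g. `var jobDetails; try { jobDetails = JSON.parse(response.responseText); } catch (e) { Ext.Msg.alert('Oozie', 'Unexpected response from server'); return; }`. jobDetailsPopup starts and ends outside this hunk, so an existing handler elsewhere cannot be ruled out.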
@@ -556,7 +556,7 @@ function jobDetailsPopup(response, request) {
url: getOozieBase() + 'job/' + workflowId + "?timezone=" + getTimeZone(),
timeout: 300000,
success: function(response, request) {
- jobDetails = eval("(" + response.responseText + ")");
+ jobDetails = JSON.parse(response.responseText);
jobActionStatus.loadData(jobDetails["actions"]);
fs.getForm().setValues(jobDetails);
}
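Review bot: The `url:` line at the top of this hunk appends `getTimeZone()` to the query string without encoding, and the action, coordinator and bundle refresh hunks build their URLs the same way. A value containing `+` (constructed example: `GMT+05:30`) would typically be decoded by the server as a space, assuming getTimeZone() can return such a value; it is defined outside this diff. Suggest `"?timezone=" + encodeURIComponent(getTimeZone())` in each of these requests. The enclosing `Ext.Ajax.request` call begins before the hunk.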
@@ -826,7 +826,7 @@ function jobDetailsPopup(response, request) {
url: getOozieBase() + 'job/' + actionId + "?timezone=" + getTimeZone(),
timeout: 300000,
success: function(response, request) {
- var results = eval("(" + response.responseText + ")");
+ var results = JSON.parse(response.responseText);
detail.getForm().setValues(results);
urlUnit.getForm().setValues(results);
populateUrlUnit(results, urlUnit);
@@ -1110,7 +1110,7 @@ function coordJobDetailsPopup(response, request) {
auditLogStatus, jobAuditLogArea, true, null);
}
- var jobDetails = eval("(" + response.responseText + ")");
+ var jobDetails = JSON.parse(response.responseText);
var coordJobId = jobDetails["coordJobId"];
var appName = jobDetails["coordJobName"];
var jobActionStatus = new Ext.data.JsonStore({
@@ -1228,7 +1228,7 @@ function coordJobDetailsPopup(response, request) {
url: getOozieBase() + 'job/' + coordJobId + "?timezone=" + getTimeZone() + "&offset=0&len=0",
timeout: 300000,
success: function(response, request) {
- jobDetails = eval("(" + response.responseText + ")");
+ jobDetails = JSON.parse(response.responseText);
fs.getForm().setValues(jobDetails);
jobActionStatus.reload();
}
@@ -1612,7 +1612,7 @@ function bundleJobDetailsPopup(response, request) {
emptyText: "Loading..."
});
- var jobDetails = eval("(" + response.responseText + ")");
+ var jobDetails = JSON.parse(response.responseText);
var bundleJobId = jobDetails["bundleJobId"];
var bundleJobName = jobDetails["bundleJobName"];
var jobActionStatus = new Ext.data.JsonStore({
@@ -1682,7 +1682,7 @@ function bundleJobDetailsPopup(response, request) {
url: getOozieBase() + 'job/' + bundleJobId + "?timezone=" + getTimeZone(),
timeout: 300000,
success: function(response, request) {
- jobDetails = eval("(" + response.responseText + ")");
+ jobDetails = JSON.parse(response.responseText);
jobActionStatus.loadData(jobDetails["bundleCoordJobs"]);
fs.getForm().setValues(jobDetails);
}
@@ -2087,7 +2087,7 @@ function getConfigObject(responseTxt) {
var fo = {
elements: []
};
- var responseObj = eval('(' + responseTxt + ')');
+ var responseObj = JSON.parse(responseTxt);
var j = 0;
for (var i in responseObj) {
fo.elements[j] = {};
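Review bot: `JSON.parse(responseTxt)` changes behaviour for a missing argument: `eval('(' + undefined + ')')` evaluated to `undefined` and the `for ... in` loop simply did not run, while `JSON.parse(undefined)` throws a SyntaxError. Callers of getConfigObject are outside this diff, so whether any of them can pass an absent configuration is unverified; if one can, guard with `var responseObj = responseTxt ? JSON.parse(responseTxt) : {};`. The loop would also benefit from a `hasOwnProperty` check so that only the response's own keys become form elements. The function body continues past the hunk.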
@@ -2384,7 +2384,7 @@ var checkStatus = new Ext.Action({
Ext.Ajax.request({
url: getOozieBase() + 'admin/status',
success: function(response, request) {
- var status = eval("(" + response.responseText + ")");
+ var status = JSON.parse(response.responseText);
if (status.safeMode) {
checkStatus.setText("<font color='700000' size='2> Safe Mode - ON </font>");
}
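Review bot: The `setText` string in this hunk has an unterminated attribute, `size='2>`, so the browser has to guess where the `size` value ends. It should read `checkStatus.setText("<font color='700000' size='2'> Safe Mode - ON </font>");`. The line is context here rather than part of the change, and the rest of the handler is outside the hunk and may need the same check.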
@@ -2403,7 +2403,7 @@ var serverVersion = new Ext.Action({
Ext.Ajax.request({
url: getOozieBase() + 'admin/build-version',
success: function(response, request) {
- var ret = eval("(" + response.responseText + ")");
+ var ret = JSON.parse(response.responseText);
serverVersion.setText("<font size='2'>Server version [" + ret['buildVersion'] + "]</font>");
}
});
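Review bot: `ret['buildVersion']` is still concatenated straight into the markup passed to `serverVersion.setText`, so replacing `eval` stops the response being executed as script but the value is still interpreted as HTML. If the response is not trusted as code it should not be trusted as markup either; encode it first, e.g. `serverVersion.setText("<font size='2'>Server version [" + Ext.util.Format.htmlEncode(ret['buildVersion']) + "]</font>");`. This assumes the Ext version bundled with the console provides `Ext.util.Format.htmlEncode`, which the diff does not show.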
@@ -2431,7 +2431,7 @@ var viewInstrumentation = new Ext.Action({
Ext.Ajax.request({
url: getOozieBase() + 'admin/instrumentation',
success: function(response, request) {
- var jsonData = eval("(" + response.responseText + ")");
+ var jsonData = JSON.parse(response.responseText);
var timers = treeNodeFromJsonInstrumentation(jsonData["timers"], "timers");
timers.expanded = false;
var samplers = treeNodeFromJsonInstrumentation(jsonData["samplers"], "samplers");
@@ -2462,7 +2462,7 @@ var viewMetrics = new Ext.Action({
Ext.Ajax.request({
url: getOozieBase() + 'admin/metrics',
success: function(response, request) {
- var jsonData = eval("(" + response.responseText + ")");
+ var jsonData = JSON.parse(response.responseText);
var timers = treeNodeFromJsonMetrics(jsonData["timers"], "timers");
timers.expanded = false;
var histograms = treeNodeFromJsonMetrics(jsonData["histograms"], "histograms");