Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/dev-python/notebook/files/notebook-4.0.4-Don-t-redirect-from-edit-to-files.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/notebook/files/notebook-4.0.4-Don-t-redirect-from-edit-to-files.patch')
-rw-r--r--dev-python/notebook/files/notebook-4.0.4-Don-t-redirect-from-edit-to-files.patch55
1 files changed, 55 insertions, 0 deletions
diff --git a/dev-python/notebook/files/notebook-4.0.4-Don-t-redirect-from-edit-to-files.patch b/dev-python/notebook/files/notebook-4.0.4-Don-t-redirect-from-edit-to-files.patch
new file mode 100644
index 000000000..76d0e61e4
--- /dev/null
+++ b/dev-python/notebook/files/notebook-4.0.4-Don-t-redirect-from-edit-to-files.patch
@@ -0,0 +1,55 @@
+Upstream patch to fix
+"Maliciously crafted text files in IPython/Jupyter editor".
+
+http://seclists.org/oss-sec/2015/q3/558
+https://bugs.gentoo.org/show_bug.cgi?id=560708
+
+
+From 23162fd2895ad7445fdbe095b8fc8633d95ec6e6 Mon Sep 17 00:00:00 2001
+From: Min RK <benjaminrk@gmail.com>
+Date: Mon, 20 Jul 2015 12:11:23 -0700
+Subject: [PATCH 4/4] Don't redirect from /edit/ to /files/
+
+show failure to decode, instead
+---
+ notebook/static/edit/js/editor.js | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/notebook/static/edit/js/editor.js b/notebook/static/edit/js/editor.js
+index ddbc2de..421fa57 100644
+--- a/notebook/static/edit/js/editor.js
++++ b/notebook/static/edit/js/editor.js
+@@ -90,19 +90,10 @@ function($,
+ }).catch(
+ function(error) {
+ that.events.trigger("file_load_failed.Editor", error);
+- if (((error.xhr||{}).responseJSON||{}).reason === 'bad format') {
+- window.location = utils.url_path_join(
+- that.base_url,
+- 'files',
+- that.file_path
+- );
+- } else {
+- console.warn('Error while loading: the error was:')
+- console.warn(error)
+- }
++ console.warn('Error loading: ', error);
+ cm.setValue("Error! " + error.message +
+ "\nSaving disabled.\nSee Console for more details.");
+- cm.setOption('readOnly','nocursor')
++ cm.setOption('readOnly','nocursor');
+ that.save_enabled = false;
+ }
+ );
+@@ -186,7 +177,7 @@ function($,
+ Editor.prototype._clean_state = function(){
+ var clean = this.codemirror.isClean(this.generation);
+ if (clean === this.clean){
+- return
++ return;
+ } else {
+ this.clean = clean;
+ }
+--
+2.4.6
+