From 841f0a26f423139a0871241884c508f8736cc7f0 Mon Sep 17 00:00:00 2001
From: Telles Nobrega
Date: Fri, 1 Sep 2017 17:57:39 -0300
Subject: [PATCH] Fix issue creating NGT using dashboard

Since Django 1.10 a new property DATA_UPLOAD_MAX_NUMBER_FIELDS causes some plugins to fail during NGT creation. This patch adds a file to override this property for sahara dashboard.

Depends-On: Id4d15b8bd5f032ff457395af5d77b255b6077a2a
Change-Id: I29ec88d7c733d4a977867dc24e13eb8e98fbcc48
Closes-bug: #1714575
Co-Authored-By: ArchiFleKs
---
 devstack/plugin.sh | 1 +
 .../django_data_upload_max_number-3fe39c838c275587.yaml | 7 +++++++
 .../_12_toggle_data_upload_max_number_fields.py | 2 ++
 3 files changed, 10 insertions(+)
 create mode 100644 releasenotes/notes/django_data_upload_max_number-3fe39c838c275587.yaml
 create mode 100644 sahara_dashboard/local_settings.d/_12_toggle_data_upload_max_number_fields.py
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 1e24b28f..aa7475f6 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -8,6 +8,7 @@ function install_sahara_dashboard {
 function configure_sahara_dashboard {
 cp -a ${SAHARA_DASH_DIR}/sahara_dashboard/enabled/* ${DEST}/horizon/openstack_dashboard/local/enabled/
+ cp -a ${SAHARA_DASH_DIR}/sahara_dashboard/local_settings.d/* ${DEST}/horizon/openstack_dashboard/local/local_settings.d/
 # NOTE: If locale directory does not exist, compilemessages will fail,
 # so check for an existence of locale directory is required.
 if [ -d ${SAHARA_DASH_DIR}/sahara_dashboard/locale ]; then
diff --git a/releasenotes/notes/django_data_upload_max_number-3fe39c838c275587.yaml b/releasenotes/notes/django_data_upload_max_number-3fe39c838c275587.yaml
new file mode 100644
index 00000000..d361f0f2
--- /dev/null
+++ b/releasenotes/notes/django_data_upload_max_number-3fe39c838c275587.yaml
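Review bot: The added `cp -a` into `${DEST}/horizon/openstack_dashboard/local/local_settings.d/` assumes that directory already exists and leaves both `${SAHARA_DASH_DIR}` and `${DEST}` unquoted, so a missing directory or a path containing whitespace makes the copy fail or land in the wrong place. Since Horizon, as far as I know, executes the `.py` files in that directory as settings code, a failed copy leaves Django's default field limit in force unless the caller runs with errexit. I would add `mkdir -p "${DEST}/horizon/openstack_dashboard/local/local_settings.d"` before it and quote the two expansions, e.g. `cp -a "${SAHARA_DASH_DIR}"/sahara_dashboard/local_settings.d/* "${DEST}"/horizon/openstack_dashboard/local/local_settings.d/`. `configure_sahara_dashboard` starts inside the hunk but its body continues past the last line shown.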
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ Django 1.10 introduced a new var : DATA_UPLOAD_MAX_NUMBER_FIELDS which
+ prevent DOS on data received via GET and POST methods. Default values
+ is set to 2000 instead of upstream default of 1000 to keep the security
+ feature and to not cause issue with the Sahara Dashboard forms.
diff --git a/sahara_dashboard/local_settings.d/_12_toggle_data_upload_max_number_fields.py b/sahara_dashboard/local_settings.d/_12_toggle_data_upload_max_number_fields.py
new file mode 100644
index 00000000..5778a42b
--- /dev/null
+++ b/sahara_dashboard/local_settings.d/_12_toggle_data_upload_max_number_fields.py
@@ -0,0 +1,2 @@
+# toggle DATA_UPLOAD_MAX_NUMBER_FIELDS
+DATA_UPLOAD_MAX_NUMBER_FIELDS = 2000
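Review bot: The comment `# toggle DATA_UPLOAD_MAX_NUMBER_FIELDS` in the new settings file does not describe the line below it: nothing is toggled, the limit is raised from Django's default of 1000 to 2000, and as a settings snippet the value presumably applies to every Horizon view rather than only the Sahara forms. I would replace it with `# Raise Django's request field limit (default 1000) so large Sahara node group template forms are accepted; applies Horizon-wide.` The comment should also record how 2000 was chosen, so a later reviewer can tell whether the bound can be tightened again. The override only takes effect once the file sits in Horizon's `local_settings.d/`, and in this patch only the devstack hunk installs it there.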