Bug #5881 » 0001-fixes-5881-XSS-from-create-update-destroy-notificati.patch
| app/controllers/application_controller.rb | ||
|---|---|---|
|
end
|
||
|
def notice notice
|
||
|
flash[:notice] = notice
|
||
|
flash[:notice] = ActionController::Base.helpers.sanitize(notice)
|
||
|
end
|
||
|
def error error
|
||
|
flash[:error] = error
|
||
|
flash[:error] = ActionController::Base.helpers.sanitize(error)
|
||
|
end
|
||
|
def warning warning
|
||
|
flash[:warning] = warning
|
||
|
flash[:warning] = ActionController::Base.helpers.sanitize(warning)
|
||
|
end
|
||
|
# this method is used with nested resources, where obj_id is passed into the parameters hash.
|
||
| ... | ... | |
|
hash[:error_msg] = [hash[:error_msg]].flatten
|
||
|
hash[:error_msg] = hash[:error_msg].join("<br/>")
|
||
|
if hash[:render]
|
||
|
flash.now[:error] = hash[:error_msg] unless hash[:error_msg].empty?
|
||
|
flash.now[:error] = ActionController::Base.helpers.sanitize(hash[:error_msg]) unless hash[:error_msg].empty?
|
||
|
render hash[:render]
|
||
|
return
|
||
|
elsif hash[:redirect]
|
||
| app/controllers/concerns/foreman/controller/taxonomies_controller.rb | ||
|---|---|---|
|
process_error
|
||
|
end
|
||
|
rescue Ancestry::AncestryException
|
||
|
flash[:error] = _('Cannot delete %{current} because it has nested %{sti_name}.') % { :current => @taxonomy.title, :sti_name => @taxonomy.sti_name }
|
||
|
process_error
|
||
|
process_error(:error_msg => _('Cannot delete %{current} because it has nested %{sti_name}.') % { :current => @taxonomy.title, :sti_name => @taxonomy.sti_name })
|
||
|
end
|
||
|
def select
|
||
| app/controllers/hostgroups_controller.rb | ||
|---|---|---|
|
process_error
|
||
|
end
|
||
|
rescue Ancestry::AncestryException
|
||
|
flash[:error] = _("Cannot delete group %{current} because it has nested groups.") % { :current => @hostgroup.title }
|
||
|
process_error
|
||
|
process_error(:error_msg => ("Cannot delete group %{current} because it has nested groups.") % { :current => @hostgroup.title } )
|
||
|
end
|
||
|
end
|
||
| app/controllers/roles_controller.rb | ||
|---|---|---|
|
def clone
|
||
|
@cloned_role = true
|
||
|
@original_role_id = @role.id
|
||
|
flash[:notice] = _("Role cloned from role %{old_name}") %
|
||
|
{ :old_name => @role.name }
|
||
|
notice(_("Role cloned from role %{old_name}") % { :old_name => @role.name })
|
||
|
@role = Role.new
|
||
|
render :action => :new
|
||
|
end
|
||