Bug #5881 » 0001-fixes-5881-XSS-from-create-update-destroy-notificati.patch
| app/controllers/application_controller.rb | ||
|---|---|---|
|
end
|
||
|
def notice notice
|
||
|
flash[:notice] = notice
|
||
|
flash[:notice] = CGI::escapeHTML(notice)
|
||
|
end
|
||
|
def error error
|
||
|
flash[:error] = error
|
||
|
flash[:error] = CGI::escapeHTML(error)
|
||
|
end
|
||
|
def warning warning
|
||
|
flash[:warning] = warning
|
||
|
flash[:warning] = CGI::escapeHTML(warning)
|
||
|
end
|
||
|
# this method is used with nested resources, where obj_id is passed into the parameters hash.
|
||
| ... | ... | |
|
hash[:error_msg] = [hash[:error_msg]].flatten
|
||
|
hash[:error_msg] = hash[:error_msg].join("<br/>")
|
||
|
if hash[:render]
|
||
|
flash.now[:error] = hash[:error_msg] unless hash[:error_msg].empty?
|
||
|
flash.now[:error] = CGI::escapeHTML(hash[:error_msg]) unless hash[:error_msg].empty?
|
||
|
render hash[:render]
|
||
|
return
|
||
|
elsif hash[:redirect]
|
||
| app/controllers/concerns/foreman/controller/taxonomies_controller.rb | ||
|---|---|---|
|
process_error
|
||
|
end
|
||
|
rescue Ancestry::AncestryException
|
||
|
flash[:error] = _('Cannot delete %{current} because it has nested %{sti_name}.') % { :current => @taxonomy.title, :sti_name => @taxonomy.sti_name }
|
||
|
process_error
|
||
|
process_error(:error_msg => _('Cannot delete %{current} because it has nested %{sti_name}.') % { :current => @taxonomy.title, :sti_name => @taxonomy.sti_name })
|
||
|
end
|
||
|
def select
|
||
| app/controllers/hostgroups_controller.rb | ||
|---|---|---|
|
process_error
|
||
|
end
|
||
|
rescue Ancestry::AncestryException
|
||
|
flash[:error] = _("Cannot delete group %{current} because it has nested groups.") % { :current => @hostgroup.title }
|
||
|
process_error
|
||
|
process_error(:error_msg => ("Cannot delete group %{current} because it has nested groups.") % { :current => @hostgroup.title } )
|
||
|
end
|
||
|
end
|
||
| app/controllers/roles_controller.rb | ||
|---|---|---|
|
def clone
|
||
|
@cloned_role = true
|
||
|
@original_role_id = @role.id
|
||
|
flash[:notice] = _("Role cloned from role %{old_name}") %
|
||
|
{ :old_name => @role.name }
|
||
|
notice(_("Role cloned from role %{old_name}") % { :old_name => @role.name })
|
||
|
@role = Role.new
|
||
|
render :action => :new
|
||
|
end
|
||
| test/functional/smart_proxies_controller_test.rb | ||
|---|---|---|
|
def test_refresh_fail
|
||
|
proxy = smart_proxies(:one)
|
||
|
errors = ActiveModel::Errors.new(Host::Managed.new)
|
||
|
errors.add :base, "Unable to communicate with the proxy: it's down"
|
||
|
errors.add :base, "Unable to communicate with the proxy: it is down"
|
||
|
SmartProxy.any_instance.stubs(:errors).returns(errors)
|
||
|
SmartProxy.any_instance.stubs(:associate_features).returns(true)
|
||
|
post :refresh, {:id => proxy}, set_session_user
|
||
|
assert_redirected_to smart_proxies_url
|
||
|
assert_equal "Unable to communicate with the proxy: it's down", flash[:error]
|
||
|
assert_equal "Unable to communicate with the proxy: it is down", flash[:error]
|
||
|
end
|
||
|
test "should search by name" do
|
||