0001-fixes-5881-XSS-from-create-update-destroy-notificati.patch
app/controllers/application_controller.rb | ||
---|---|---|
131 | 131 |
end |
132 | 132 | |
133 | 133 |
def notice notice |
134 |
flash[:notice] = notice
|
|
134 |
flash[:notice] = CGI::escapeHTML(notice)
|
|
135 | 135 |
end |
136 | 136 | |
137 | 137 |
def error error |
138 |
flash[:error] = error
|
|
138 |
flash[:error] = CGI::escapeHTML(error)
|
|
139 | 139 |
end |
140 | 140 | |
141 | 141 |
def warning warning |
142 |
flash[:warning] = warning
|
|
142 |
flash[:warning] = CGI::escapeHTML(warning)
|
|
143 | 143 |
end |
144 | 144 | |
145 | 145 |
# this method is used with nested resources, where obj_id is passed into the parameters hash. |
... | ... | |
283 | 283 |
hash[:error_msg] = [hash[:error_msg]].flatten |
284 | 284 |
hash[:error_msg] = hash[:error_msg].join("<br/>") |
285 | 285 |
if hash[:render] |
286 |
flash.now[:error] = hash[:error_msg] unless hash[:error_msg].empty?
|
|
286 |
flash.now[:error] = CGI::escapeHTML(hash[:error_msg]) unless hash[:error_msg].empty?
|
|
287 | 287 |
render hash[:render] |
288 | 288 |
return |
289 | 289 |
elsif hash[:redirect] |
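Review bot: In process_error, line 286 escapes `hash[:error_msg]` after line 284 has already joined the messages with `<br/>`, so the separators are escaped along with the content and a multi-error flash would show literal `&lt;br/&gt;` text wherever the layout prints the flash as HTML. Escaping each message before the join keeps the separator intact: `hash[:error_msg] = [hash[:error_msg]].flatten.map { |m| CGI::escapeHTML(m.to_s) }.join("<br/>")`, with line 286 left as the plain assignment. The `.to_s` is also worth adding in `notice`, `error` and `warning` at 134/138/142, where `CGI::escapeHTML` raises on nil or a non-String argument that the old assignment accepted. process_error starts before and continues past the visible lines, so the `elsif hash[:redirect]` branch should be checked for passing the joined string through `error`, which would then escape it a second time. Escaping where the layout emits the flash would additionally cover controllers that assign `flash[...]` directly and bypass these helpers.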
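--- a/app/controllers/hostgroups_controller.rb
+++ b/app/controllers/hostgroups_controller.rb
@@ -84,8 +84,7 @@
 process_error
 end
 rescue Ancestry::AncestryException
-flash[:error] = _("Cannot delete group %{current} because it has nested groups.") % { :current => @hostgroup.label }
-process_error
+process_error(:error_msg => ("Cannot delete group %{current} because it has nested groups.") % { :current => @hostgroup.label } )
 end
 end
 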
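Review bot: The replacement call on new line 87 drops the gettext wrapper: the message is now `("Cannot delete group %{current} ...")` rather than `_("...")`, so the string is no longer translated. Restoring it keeps both the fix and the translation: `process_error(:error_msg => _("Cannot delete group %{current} because it has nested groups.") % { :current => @hostgroup.label })`. Routing the message through process_error instead of assigning `flash[:error]` directly is what brings `@hostgroup.label` under the new escaping, so a one-line comment saying so would help keep a later edit from reverting to the direct assignment. The enclosing method starts outside the visible lines.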
test/functional/smart_proxies_controller_test.rb | ||
---|---|---|
70 | 70 |
def test_refresh_fail |
71 | 71 |
proxy = smart_proxies(:one) |
72 | 72 |
errors = ActiveModel::Errors.new(Host::Managed.new) |
73 |
errors.add :base, "Unable to communicate with the proxy: it's down"
|
|
73 |
errors.add :base, "Unable to communicate with the proxy: it is down"
|
|
74 | 74 |
SmartProxy.any_instance.stubs(:errors).returns(errors) |
75 | 75 |
SmartProxy.any_instance.stubs(:associate_features).returns(true) |
76 | 76 |
post :refresh, {:id => proxy}, set_session_user |
77 | 77 |
assert_redirected_to smart_proxies_url |
78 |
assert_equal "Unable to communicate with the proxy: it's down", flash[:error]
|
|
78 |
assert_equal "Unable to communicate with the proxy: it is down", flash[:error]
|
|
79 | 79 |
end |
80 | 80 | |
81 | 81 |
end |
82 |
- |
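Review bot: The expected string was reworded from "it's" to "it is" on lines 73 and 78, which sidesteps the apostrophe that `CGI::escapeHTML` turns into `&#39;` instead of testing it. That leaves the new escaping with no assertion in this file. Keeping the apostrophe and asserting the encoded value would pin the behaviour: `assert_equal CGI::escapeHTML("Unable to communicate with the proxy: it's down"), flash[:error]`. It would also make visible that plain-text messages containing quotes or ampersands now reach the flash already encoded, which matters if any view escapes the flash again on output.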