Bug #13592

Partial ../overrides/foreman/activation_keys/_host_tab accessed outside of view paths

Added by Dominic Cleal over 6 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Web UI
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

This test fails on Rails 4.1.14.1, which indicates a partial is used outside of the known view paths. This is considered a security vulnerability in ActionView and is blocked. It will also be blocked in Rails 3.2.22.1 (due to be in 1.10-stable, #13372).

ActionView::Template::Error: Missing partial ../overrides/foreman/activation_keys/_host_tab with {:locale=>[:en], :formats=>[:html], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby, :rabl]}. Searched in:
  * "/var/lib/workspace/workspace/test_katello_core/database/postgresql/ruby/2.2/slave/fast/foreman/app/views" 
  * "/var/lib/workspace/workspace/test_katello_core/database/postgresql/ruby/2.2/slave/fast/plugin/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/bastion-3.1.0/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/foreman_docker-2.0.1/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/foreman-tasks-0.7.12/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/apipie-rails-0.3.5/app/views" 

    app/views/hostgroups/new.html.erb:3:in `_0115ed2f2717a4ab9cd1abb2337960e6'
    app/controllers/concerns/application_shared.rb:13:in `set_timezone'
    app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
    /var/lib/workspace/workspace/test_katello_core/database/postgresql/ruby/2.2/slave/fast/plugin/test/controllers/foreman/hostgroups_controller_test.rb:16:in `test_new' (ActionView::Template::Error)
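
A lexical check for the failure reported above, added here as an example (not code from Foreman, Katello or Rails): it scans ERB source for `render` calls whose partial name climbs out of the view root, as `../overrides/...` does. The regex, the function names and the sample template are assumptions constructed for illustration; this is not how ActionView itself performs the lookup.

```ruby
require 'pathname'

# Matches render 'x', render partial: 'x', render :partial => 'x', render(partial: "x").
# Assumption: partial names are string literals; dynamic names are not covered.
RENDER_RE = /render\s*\(?\s*(?::?partial\s*(?:=>|:)\s*)?['"]([^'"]+)['"]/

# True when the partial name, after collapsing "." and ".." segments,
# is absolute or still starts with "..", i.e. resolves outside any view root.
def escapes_view_root?(partial)
  clean = Pathname.new(partial).cleanpath.to_s
  clean.start_with?('/') || clean == '..' || clean.start_with?('../')
end

# Returns [[line_number, partial_name], ...] for every escaping render call.
def escaping_partials(erb_source)
  findings = []
  erb_source.each_line.with_index(1) do |line, lineno|
    line.scan(RENDER_RE).flatten.each do |partial|
      findings << [lineno, partial] if escapes_view_root?(partial)
    end
  end
  findings
end

# Constructed sample template. Line 2 is modelled on the partial named in the
# error message; line 4 is a hypothetical name for a view kept under app/views.
SAMPLE_ERB = <<~ERB
  <%= render 'hostgroups/form' %>
  <%= render :partial => '../overrides/foreman/activation_keys/host_tab' %>
  <%= render partial: "common/../hostgroups/nav" %>
  <%= render(partial: 'overrides/activation_keys/host_tab') %>
ERB

if __FILE__ == $PROGRAM_NAME
  escaping_partials(SAMPLE_ERB).each do |lineno, partial|
    puts "line #{lineno}: partial resolves outside the view root: #{partial}"
  end
end
```

Line 3 of the sample is not flagged because its `..` segment collapses to a path that stays inside the view root.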

Related issues

Blocks Foreman - Bug #13372: Update Rails to 3.2.22.1 (Rejected, 2016-01-26)
Blocks Foreman - Feature #12873: Update Rails to 4.1.latest (Closed, 2015-12-18)

Associated revisions

Revision 49354884 (diff)
Added by David Davis over 6 years ago

Fixes #13592 - Move override views under app/views

Revision 0e18c56c
Added by David Davis over 6 years ago

Merge pull request #5771 from daviddavis/temp/20160211093942

Fixes #13592 - Move override views under app/views

History

#1 Updated by Dominic Cleal over 6 years ago

  • Blocks Bug #13372: Update Rails to 3.2.22.1 added

#2 Updated by Dominic Cleal over 6 years ago

#3 Updated by David Davis over 6 years ago

  • Assignee set to David Davis

#4 Updated by David Davis over 6 years ago

  • Status changed from New to Assigned

#5 Updated by The Foreman Bot over 6 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/5771 added

#6 Updated by David Davis over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#7 Updated by Eric Helms over 6 years ago

  • Legacy Backlogs Release (now unused) set to 86

#8 Updated by Eric Helms over 6 years ago

  • Legacy Backlogs Release (now unused) changed from 86 to 150
