Project

General

Profile

Actions

Bug #13592

closed

Partial ../overrides/foreman/activation_keys/_host_tab accessed outside of view paths

Added by Dominic Cleal over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Web UI
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

This test fails on Rails 4.1.14.1, which indicates a partial is used outside of the known view paths. This is considered a security vulnerability in ActionView and is blocked. It will also be blocked in Rails 3.2.22.1 (due to be in 1.10-stable, #13372).

ActionView::Template::Error: Missing partial ../overrides/foreman/activation_keys/_host_tab with {:locale=>[:en], :formats=>[:html], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby, :rabl]}. Searched in:
  * "/var/lib/workspace/workspace/test_katello_core/database/postgresql/ruby/2.2/slave/fast/foreman/app/views" 
  * "/var/lib/workspace/workspace/test_katello_core/database/postgresql/ruby/2.2/slave/fast/plugin/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/bastion-3.1.0/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/foreman_docker-2.0.1/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/foreman-tasks-0.7.12/app/views" 
  * "/usr/local/rvm/gems/ruby-2.2.3@test_katello_core-1/gems/apipie-rails-0.3.5/app/views" 

    app/views/hostgroups/new.html.erb:3:in `_0115ed2f2717a4ab9cd1abb2337960e6'
    app/controllers/concerns/application_shared.rb:13:in `set_timezone'
    app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
    /var/lib/workspace/workspace/test_katello_core/database/postgresql/ruby/2.2/slave/fast/plugin/test/controllers/foreman/hostgroups_controller_test.rb:16:in `test_new' (ActionView::Template::Error)

Related issues 2 (0 open2 closed)

Blocks Foreman - Bug #13372: Update Rails to 3.2.22.1Rejected01/26/2016Actions
Blocks Foreman - Feature #12873: Update Rails to 4.1.latestClosedDominic Cleal12/18/2015Actions
Actions #1

Updated by Dominic Cleal over 8 years ago

  • Blocks Bug #13372: Update Rails to 3.2.22.1 added
Actions #2

Updated by Dominic Cleal over 8 years ago

Actions #3

Updated by David Davis over 8 years ago

  • Assignee set to David Davis
Actions #4

Updated by David Davis over 8 years ago

  • Status changed from New to Assigned
Actions #5

Updated by The Foreman Bot over 8 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/5771 added
Actions #6

Updated by David Davis over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #7

Updated by Eric Helms over 8 years ago

  • Translation missing: en.field_release set to 86
Actions #8

Updated by Eric Helms over 8 years ago

  • Translation missing: en.field_release changed from 86 to 150
Actions

Also available in: Atom PDF