Actions
Bug #13666
closedPartials in app/overrides must be moved into a views path
Status:
Closed
Priority:
High
Assignee:
Category:
Foreman
Target version:
Difficulty:
Triaged:
Description
On Rails 4.1.14.1 and 3.2.22.1, the deface overrides in foreman_remote_execution look like they will fail to render in a similar way to #13592.
These Rails versions fix an Activeview security issue that requires partials be in registered view directories (i.e. app/views/) and not be accessed via ../ etc.
foreman_remote_execution registers overrides with partials under app/overrides/foreman/ but must either register this directory and update the paths accordingly, or move them to app/views/.
e.g.
Deface::Override.new(:virtual_path => 'nic/_base_form', :name => 'add_execution_interface', :insert_after => 'erb[loud]:contains("interface_provision")', :partial => '../overrides/foreman/nics/execution_interface')
This is likely to affect 1.10-stable and 1.11+.
Updated by Dominic Cleal over 8 years ago
- Related to Feature #12873: Update Rails to 4.1.latest added
Updated by Dominic Cleal over 8 years ago
- Related to Bug #13372: Update Rails to 3.2.22.1 added
Updated by The Foreman Bot over 8 years ago
- Status changed from Assigned to Ready For Testing
- Target version set to 98
- Pull request https://github.com/theforeman/foreman_remote_execution/pull/154 added
Updated by Stephen Benjamin over 8 years ago
- Translation missing: en.field_release set to 133
Updated by David Davis over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset foreman_plugin|0611891bfb1b448e232b766d78475ba4955c281f.
Actions