Project

General

Profile

Actions
Copy link

Bug #13666

closed

Partials in app/overrides must be moved into a views path

Added by Dominic Cleal almost 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
High
Assignee:
David Davis
Category:
Foreman
Target version:
foreman_remote_execution 0.2.3
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman_remote_execution/pull/154
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

On Rails 4.1.14.1 and 3.2.22.1, the deface overrides in foreman_remote_execution look like they will fail to render in a similar way to #13592.

These Rails versions fix an Activeview security issue that requires partials be in registered view directories (i.e. app/views/) and not be accessed via ../ etc.

foreman_remote_execution registers overrides with partials under app/overrides/foreman/ but must either register this directory and update the paths accordingly, or move them to app/views/.

e.g.

Deface::Override.new(:virtual_path  => 'nic/_base_form',
                     :name          => 'add_execution_interface',
                     :insert_after  => 'erb[loud]:contains("interface_provision")',
                     :partial       => '../overrides/foreman/nics/execution_interface')

This is likely to affect 1.10-stable and 1.11+.

Related issues 2 (0 open2 closed)

Related to Foreman - Feature #12873: Update Rails to 4.1.latestClosedDominic Cleal12/18/2015Actions
Related to Foreman - Bug #13372: Update Rails to 3.2.22.1Rejected01/26/2016Actions
Actions
Copy link

Also available in: Atom PDF