Feature #14595
closed
Use the template plugin API to define helpers and attributes
Description
Ticket #14588 will introduce possibility to define renderer extensions in a better way, make use of this!
Updated by Lukas Zapletal about 8 years ago
- Related to Feature #14588: Improve extending template helpers from plugin added
Updated by Lukas Zapletal almost 8 years ago
- Target version deleted (
Discovery Plugin 6.0)
Updated by Marek Hulán over 3 years ago
The only 3 safe mode definitions in engine.rb are the following:
allowed_template_helper :rand
allowed_template_variables :kexec_kernel, :kexec_initrd
The rand was allowed long time ago in https://github.com/theforeman/foreman_discovery/commit/d3e7c8b925a4da8ad18ddffee67225452915ff3d and refers to Kernel#rand. This should be moved to core as it's generally useful method. Note that safemode does not allow access, most likely because it can be abused to deplete the pool of random numbers causing DoS. But we already allow that in our DSL anyway.
Both :kexec_kernel and :kexec_initrd no longer exists, they have been replaced in https://github.com/theforeman/foreman_discovery/commit/3eeef1ff19e3f92e2011002d95b0116857fca43e which now lives in core.
Once rand is moved, these two lines can be dropped from engine.rb entirely.
Updated by Dominik Matoulek about 3 years ago
- Related to Feature #32307: allow rand method in safemode added
Updated by The Foreman Bot about 3 years ago
- Status changed from New to Ready For Testing
- Assignee set to Dominik Matoulek
- Pull request https://github.com/theforeman/foreman_discovery/pull/539 added
Updated by The Foreman Bot about 3 years ago
- Fixed in Releases Discovery Plugin 16.0 added
Updated by Dominik Matoulek about 3 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman_discovery|cc82c732a54dca3ab77f25ed523537bccf923826.