Project

General

Profile

Bug #4519

Renaming host with / in name causes "No route matches" error

Added by Dominic Cleal about 5 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

1. Edit an existing host
2. Change name to "foo/bar" (or add a "/" inside the name)
3. Submit form

You receive the following error:

No route matches {:action=>"toggle_manage", :controller=>"hosts", :id=>"foo/bar.example.com"}

The save doesn't occur as the name is invalid (since #3697), but the form fails to re-render.


Related issues

Related to Foreman - Bug #3697: Field Validations Should be more ComprehensiveClosed2013-11-20
Related to Foreman - Bug #4456: CVE-2014-0089 - Stored Cross Site Scripting (XSS) on 500 error pageClosed2014-02-262014-03-18
Related to Foreman - Bug #9531: Removing host name from Host#edit throws routing errorClosed2015-02-24

Associated revisions

Revision adc931f2 (diff)
Added by Tomer Brisker over 2 years ago

Fixes #4519, #9531 - Correctly handle invalid host name changes

Removing a host name or otherwise changing it to an invalid name (such
as a name containing /) caused the form to fail loading. This makes sure
all paths are generated correctly and validation error is shown.

Revision 7f0c0c8e (diff)
Added by Tomer Brisker over 2 years ago

Fixes #4519, #9531 - Correctly handle invalid host name changes

Removing a host name or otherwise changing it to an invalid name (such
as a name containing /) caused the form to fail loading. This makes sure
all paths are generated correctly and validation error is shown.
(cherry picked from commit adc931f2107eaf14f095193a03ebad6dc10e4d22)

History

#1 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #3697: Field Validations Should be more Comprehensive added

#2 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #4456: CVE-2014-0089 - Stored Cross Site Scripting (XSS) on 500 error page added

#3 Updated by Dominic Cleal about 5 years ago

This issue is marked as private, not because of a particular security angle, but because it's possible to include JavaScript in the host name, which thanks to #4456 gets rendered in the user's browser. Once #4456 is fixed, I'll make this issue public.

#4 Updated by Dominic Cleal about 5 years ago

  • Category changed from Security to Web Interface
  • Private changed from Yes to No

#5 Updated by Dominic Cleal about 3 years ago

  • Related to Bug #9531: Removing host name from Host#edit throws routing error added

#6 Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Tomer Brisker
  • Pull request https://github.com/theforeman/foreman/pull/4179 added

#7 Updated by Anonymous over 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Dominic Cleal over 2 years ago

  • Legacy Backlogs Release (now unused) set to 210

#9 Updated by Daniel Lobato Garcia over 2 years ago

  • Target version set to 169

#10 Updated by Brad Buckingham over 2 years ago

  • Target version deleted (169)

#11 Updated by Daniel Lobato Garcia over 2 years ago

  • Target version set to 1.11.0

Also available in: Atom PDF