Bug #4519

Renaming host with / in name causes "No route matches" error

Added by Dominic Cleal over 4 years ago. Updated 8 days ago.

Status:Closed
Priority:Normal
Assignee:Tomer Brisker
Category:Web Interface
Target version:1.14.1
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link: Found in Releases:
Pull request:https://github.com/theforeman/foreman/pull/4179

Description

1. Edit an existing host
2. Change name to "foo/bar" (or add a "/" inside the name)
3. Submit form

You receive the following error:

No route matches {:action=>"toggle_manage", :controller=>"hosts", :id=>"foo/bar.example.com"}

The save doesn't occur as the name is invalid (since #3697), but the form fails to re-render.


Related issues

Related to Foreman - Bug #3697: Field Validations Should be more Comprehensive Closed 11/20/2013
Related to Foreman - Bug #4456: CVE-2014-0089 - Stored Cross Site Scripting (XSS) on 500 ... Closed 02/26/2014 03/18/2014
Related to Foreman - Bug #9531: Removing host name from Host#edit throws routing error Closed 02/24/2015

Associated revisions

Revision adc931f2
Added by Tomer Brisker over 1 year ago

Fixes #4519, #9531 - Correctly handle invalid host name changes

Removing a host name or otherwise changing it to an invalid name (such
as a name containing /) caused the form to fail loading. This makes sure
all paths are generated correctly and validation error is shown.

Revision 7f0c0c8e
Added by Tomer Brisker over 1 year ago

Fixes #4519, #9531 - Correctly handle invalid host name changes

Removing a host name or otherwise changing it to an invalid name (such
as a name containing /) caused the form to fail loading. This makes sure
all paths are generated correctly and validation error is shown.
(cherry picked from commit adc931f2107eaf14f095193a03ebad6dc10e4d22)

History

#1 Updated by Dominic Cleal over 4 years ago

  • Related to Bug #3697: Field Validations Should be more Comprehensive added

#2 Updated by Dominic Cleal over 4 years ago

  • Related to Bug #4456: CVE-2014-0089 - Stored Cross Site Scripting (XSS) on 500 error page added

#3 Updated by Dominic Cleal over 4 years ago

This issue is marked as private, not because of a particular security angle, but because it's possible to include JavaScript in the host name, which thanks to #4456 gets rendered in the user's browser. Once #4456 is fixed, I'll make this issue public.

#4 Updated by Dominic Cleal over 4 years ago

  • Category changed from Security to Web Interface
  • Private changed from Yes to No

#5 Updated by Dominic Cleal over 2 years ago

  • Related to Bug #9531: Removing host name from Host#edit throws routing error added

#6 Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Assignee set to Tomer Brisker
  • Pull request https://github.com/theforeman/foreman/pull/4179 added

#7 Updated by Anonymous over 1 year ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Dominic Cleal over 1 year ago

  • Legacy Backlogs Release (now unused) set to 210

#9 Updated by Daniel Lobato Garcia over 1 year ago

  • Target version set to 169

#10 Updated by Brad Buckingham over 1 year ago

  • Target version deleted (169)

#11 Updated by Daniel Lobato Garcia over 1 year ago

  • Target version set to 1.11.0

Also available in: Atom PDF