Bug #7982
closed
Entering 'html' data for an operating system's name breaks the Operating System page
Description
Our nightly automation shows that creating a new operating system with a name that uses html markup completely breaks the Operating System page, showing instead an error:
Warning! No route matches {:action=>"update", :controller=>"operatingsystems", :id=>#<Operatingsystem id: 20, major: "268", name: "<applet>SqwaKFNAlz</applet>", minor: "", nameindicator: nil, created_at: "2014-10-17 11:13:21", updated_at: "2014-10-17 11:13:21", release_name: nil, type: nil, description: nil, hosts_count: 0, hostgroups_count: 0, password_hash: "MD5", title: "<applet>SqwaKFNAlz</applet> 268">}
Our test:
@Test: Create a new Architecture with OS ...
2014-10-17 07:13:19 - robottelo.api.client - INFO - Making HTTP POST request to https://qe-foreman-rhel65.usersys.redhat.com/api/v2/operatingsystems with options {'verify': False, 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}} and data {"operatingsystem": {"major": "268", "name": "<applet>SqwaKFNAlz</applet>"}}.
2014-10-17 07:13:19 - robottelo.api.client - INFO - Equivalent curl command: curl -X POST --user admin:changeme --insecure headers=%7B%27content-type%27%3A+%27application%2Fjson%27%7D https://qe-foreman-rhel65.usersys.redhat.com/api/v2/operatingsystems
2014-10-17 07:13:19 - robottelo.api.client - DEBUG - Received HTTP 200 response: {"id":20,"name":"<applet>SqwaKFNAlz</applet>","title":"<applet>SqwaKFNAlz</applet> 268","description":null,"major":"268","minor":"","family":null,"release_name":null,"password_hash":"MD5","created_at":"2014-10-17T11:13:21Z","updated_at":"2014-10-17T11:13:21Z","parameters":[],"media":[],"architectures":[],"ptables":[],"config_templates":[],"os_default_templates":[],"images":[]}
2014-10-17 07:13:22 - root - DEBUG - NoSuchElementException: Could not locate element //div[contains(@class, 'jnotify-notification-error')].
ok
Full stack:
ActionController::RoutingError
No route matches {:action=>"update", :controller=>"operatingsystems", :id=>#<Operatingsystem id: 20, major: "268", name: "<applet>SqwaKFNAlz</applet>", minor: "", nameindicator: nil, created_at: "2014-10-17 11:13:21", updated_at: "2014-10-17 11:13:21", release_name: nil, type: nil, description: nil, hosts_count: 0, hostgroups_count: 0, password_hash: "MD5", title: "<applet>SqwaKFNAlz</applet> 268">}
app/helpers/application_helper.rb:26:in `link_to'
app/helpers/application_helper.rb:162:in `display_link_if_authorized'
app/helpers/application_helper.rb:152:in `display_delete_if_authorized'
app/views/operatingsystems/index.html.erb:15:in `block in _app_views_operatingsystems_index_html_erb___290286791826514284_126999700'
app/views/operatingsystems/index.html.erb:10:in `_app_views_operatingsystems_index_html_erb___290286791826514284_126999700'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'
Environment:
- apr-util-ldap-1.3.9-3.el6_0.1.x86_64
- candlepin-0.9.32-1.el6.noarch
- candlepin-common-1.0.8-1.el6.noarch
- candlepin-selinux-0.9.32-1.el6.noarch
- candlepin-tomcat6-0.9.32-1.el6.noarch
- elasticsearch-0.90.10-7.el6.noarch
- foreman-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- foreman-compute-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- foreman-gce-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- foreman-libvirt-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- foreman-ovirt-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- foreman-postgresql-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- foreman-proxy-1.7.0-0.develop.201410101404git7961640.el6.noarch
- foreman-release-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el6.noarch
- foreman-vmware-1.7.0-0.develop.201410150839gitb948163.el6.noarch
- katello-2.1.0-1.201410161306gite21feb2.el6.noarch
- katello-certs-tools-2.0.1-1.el6.noarch
- katello-default-ca-1.0-1.noarch
- katello-installer-2.1.0-1.201410151311git9100203.el6.noarch
- katello-repos-2.1.1-1.el6.noarch
- katello-server-ca-1.0-1.noarch
- openldap-2.4.23-32.el6_4.1.x86_64
- pulp-docker-plugins-0.2.1-0.2.beta.el6.noarch
- pulp-katello-0.3-3.el6.noarch
- pulp-nodes-common-2.5.0-0.7.beta.el6.noarch
- pulp-nodes-parent-2.5.0-0.7.beta.el6.noarch
- pulp-puppet-plugins-2.5.0-0.7.beta.el6.noarch
- pulp-puppet-tools-2.5.0-0.7.beta.el6.noarch
- pulp-rpm-plugins-2.5.0-0.7.beta.el6.noarch
- pulp-selinux-2.5.0-0.7.beta.el6.noarch
- pulp-server-2.5.0-0.7.beta.el6.noarch
- python-ldap-2.3.10-1.el6.x86_64
- ruby193-rubygem-ldap_fluff-0.3.2-1.el6.noarch
- ruby193-rubygem-net-ldap-0.3.1-2.el6.noarch
- ruby193-rubygem-runcible-1.2.0-1.el6.noarch
- rubygem-hammer_cli-0.1.3-1.201409240954gitf3c47c7.el6.noarch
- rubygem-hammer_cli_foreman-0.1.3-1.201410151235gitbc8c449.el6.noarch
- rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410gitc96619d.git.0.37f3704.el6.noarch
- rubygem-hammer_cli_import-0.10.4-1.el6.noarch
- rubygem-hammer_cli_katello-0.0.6-1.201410161327gite14cd51.git.0.a8188a8.el6.noarch
Updated by The Foreman Bot about 10 years ago
- Status changed from New to Ready For Testing
- Target version set to 1.7.2
- Pull request https://github.com/theforeman/foreman/pull/1863 added
- Pull request deleted ()
Updated by Dominic Cleal about 10 years ago
- Translation missing: en.field_release set to 21
Issue only present on develop branch, 1.6-stable is fine.
In future, please report issues like this to the security contact address (foreman-security@googlegroups.com, http://theforeman.org/security.html) so we can evaluate the impact before making it public, in case it represents a (mild) security issue. Thanks.
Updated by Shlomi Zadok about 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 47ab039e61ae3f29627de0a770fa0c6b41f33c47.
Updated by Dominic Cleal about 10 years ago
Commit 47ab039e61ae3f29627de0a770fa0c6b41f33c47 is actually meant to reference #7289.