Project

General

Profile

Bug #7982

Entering 'html' data for an operating system's name breaks the Operating System page

Added by Og Maciel almost 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Our nightly automation shows that creating a new operating system with a name that uses html markup completely breaks the Operating System page, showing instead an error:

Warning!
No route matches {:action=>"update", :controller=>"operatingsystems", :id=>#<Operatingsystem id: 20, major: "268", name: "<applet>SqwaKFNAlz</applet>", minor: "", nameindicator: nil, created_at: "2014-10-17 11:13:21", updated_at: "2014-10-17 11:13:21", release_name: nil, type: nil, description: nil, hosts_count: 0, hostgroups_count: 0, password_hash: "MD5", title: "<applet>SqwaKFNAlz</applet> 268">}

Our test:

@Test: Create a new Architecture with OS ... 
2014-10-17 07:13:19 - robottelo.api.client - INFO - Making HTTP POST request to https://qe-foreman-rhel65.usersys.redhat.com/api/v2/operatingsystems with options {'verify': False, 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}} and data {"operatingsystem": {"major": "268", "name": "<applet>SqwaKFNAlz</applet>"}}.
2014-10-17 07:13:19 - robottelo.api.client - INFO - Equivalent curl command: curl -X POST --user admin:changeme --insecure headers=%7B%27content-type%27%3A+%27application%2Fjson%27%7D https://qe-foreman-rhel65.usersys.redhat.com/api/v2/operatingsystems
2014-10-17 07:13:19 - robottelo.api.client - DEBUG - Received HTTP 200 response: {"id":20,"name":"<applet>SqwaKFNAlz</applet>","title":"<applet>SqwaKFNAlz</applet> 268","description":null,"major":"268","minor":"","family":null,"release_name":null,"password_hash":"MD5","created_at":"2014-10-17T11:13:21Z","updated_at":"2014-10-17T11:13:21Z","parameters":[],"media":[],"architectures":[],"ptables":[],"config_templates":[],"os_default_templates":[],"images":[]}
2014-10-17 07:13:22 - root - DEBUG - NoSuchElementException: Could not locate element //div[contains(@class, 'jnotify-notification-error')].
ok

Full stack:

ActionController::RoutingError
No route matches {:action=>"update", :controller=>"operatingsystems", :id=>#<Operatingsystem id: 20, major: "268", name: "<applet>SqwaKFNAlz</applet>", minor: "", nameindicator: nil, created_at: "2014-10-17 11:13:21", updated_at: "2014-10-17 11:13:21", release_name: nil, type: nil, description: nil, hosts_count: 0, hostgroups_count: 0, password_hash: "MD5", title: "<applet>SqwaKFNAlz</applet> 268">}
app/helpers/application_helper.rb:26:in `link_to'
app/helpers/application_helper.rb:162:in `display_link_if_authorized'
app/helpers/application_helper.rb:152:in `display_delete_if_authorized'
app/views/operatingsystems/index.html.erb:15:in `block in _app_views_operatingsystems_index_html_erb___290286791826514284_126999700'
app/views/operatingsystems/index.html.erb:10:in `_app_views_operatingsystems_index_html_erb___290286791826514284_126999700'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'
Environment:
  • apr-util-ldap-1.3.9-3.el6_0.1.x86_64
  • candlepin-0.9.32-1.el6.noarch
  • candlepin-common-1.0.8-1.el6.noarch
  • candlepin-selinux-0.9.32-1.el6.noarch
  • candlepin-tomcat6-0.9.32-1.el6.noarch
  • elasticsearch-0.90.10-7.el6.noarch
  • foreman-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • foreman-compute-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • foreman-gce-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • foreman-libvirt-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • foreman-ovirt-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • foreman-postgresql-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • foreman-proxy-1.7.0-0.develop.201410101404git7961640.el6.noarch
  • foreman-release-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el6.noarch
  • foreman-vmware-1.7.0-0.develop.201410150839gitb948163.el6.noarch
  • katello-2.1.0-1.201410161306gite21feb2.el6.noarch
  • katello-certs-tools-2.0.1-1.el6.noarch
  • katello-default-ca-1.0-1.noarch
  • katello-installer-2.1.0-1.201410151311git9100203.el6.noarch
  • katello-repos-2.1.1-1.el6.noarch
  • katello-server-ca-1.0-1.noarch
  • openldap-2.4.23-32.el6_4.1.x86_64
  • pulp-docker-plugins-0.2.1-0.2.beta.el6.noarch
  • pulp-katello-0.3-3.el6.noarch
  • pulp-nodes-common-2.5.0-0.7.beta.el6.noarch
  • pulp-nodes-parent-2.5.0-0.7.beta.el6.noarch
  • pulp-puppet-plugins-2.5.0-0.7.beta.el6.noarch
  • pulp-puppet-tools-2.5.0-0.7.beta.el6.noarch
  • pulp-rpm-plugins-2.5.0-0.7.beta.el6.noarch
  • pulp-selinux-2.5.0-0.7.beta.el6.noarch
  • pulp-server-2.5.0-0.7.beta.el6.noarch
  • python-ldap-2.3.10-1.el6.x86_64
  • ruby193-rubygem-ldap_fluff-0.3.2-1.el6.noarch
  • ruby193-rubygem-net-ldap-0.3.1-2.el6.noarch
  • ruby193-rubygem-runcible-1.2.0-1.el6.noarch
  • rubygem-hammer_cli-0.1.3-1.201409240954gitf3c47c7.el6.noarch
  • rubygem-hammer_cli_foreman-0.1.3-1.201410151235gitbc8c449.el6.noarch
  • rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410gitc96619d.git.0.37f3704.el6.noarch
  • rubygem-hammer_cli_import-0.10.4-1.el6.noarch
  • rubygem-hammer_cli_katello-0.0.6-1.201410161327gite14cd51.git.0.a8188a8.el6.noarch

Associated revisions

Revision 47ab039e (diff)
Added by Shlomi Zadok almost 5 years ago

fixes #7982 - Parameterize Operatingsystem.title to avoid non-alphanumeric characters in title (and friendly_id)

Revision 9f590f40 (diff)
Added by Shlomi Zadok almost 5 years ago

fixes #7982 - Parameterize Operatingsystem.title to avoid non-alphanumeric characters in title (and friendly_id)

(cherry picked from commit 47ab039e61ae3f29627de0a770fa0c6b41f33c47)

History

#1 Updated by The Foreman Bot almost 5 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.2
  • Pull request https://github.com/theforeman/foreman/pull/1863 added
  • Pull request deleted ()

#2 Updated by Shlomi Zadok almost 5 years ago

  • Assignee set to Shlomi Zadok

#3 Updated by Dominic Cleal almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 21

Issue only present on develop branch, 1.6-stable is fine.

In future, please report issues like this to the security contact address (, http://theforeman.org/security.html) so we can evaluate the impact before making it public, in case it represents a (mild) security issue. Thanks.

#4 Updated by Shlomi Zadok almost 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Dominic Cleal almost 5 years ago

Commit 47ab039e61ae3f29627de0a770fa0c6b41f33c47 is actually meant to reference #7289.

Also available in: Atom PDF