Bug 1022498
| Summary: | When creating username with nonstandard characters inside, Sat6 user is created, but KatelloForemanEngine exception occurs | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Adam Saleh <asaleh> |
| Component: | WebUI | Assignee: | Katello Bug Bin <katello-bugs> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0.2 | CC: | bkearney, mmccune |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-07-02 14:05:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Adam Saleh
2013-10-23 12:22:39 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. After aditional investigation I have encountered same behavior when trying to input usernames <a href=localhost>test</a>, or '';!--"<XSS>=&{()}
The exception is
Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 500 Internal Server Error
Expected result:
User-creation in Sat6 should be compatible with Foreman.
The following example all result in invalid users messages when attempting to create them:
'';!--"<XSS>=&{()}
<a href=localhost>test</a>
foo foo
Tried in api, looks good. This was delivered with 6.0.3, which is the Satellite 6 Beta. |